Domain: bitdefender.com
Stories and comments across the archive that link to bitdefender.com.
Stories · 14
-
Man Arrested For Selling One Million Netflix, Spotify, Hulu Passwords (bitdefender.com)
Police in Australia have arrested a man who allegedly made AU $300,000 (US $211,000) running a website which sold the account passwords of popular online subscription services including Netflix, Spotify, Hulu, PSN, and Origin. From a report: The 21-year-old man was arrested on Tuesday in Sydney, Australia, following an international investigation by the FBI and the Australian Federal Police into the website Wicked Gen. The Wicked Gen website bragged that it had over 120,000 users and almost one million sets of account details, offering monthly and yearly membership plans for those who wanted "access to thousands of premium accounts across a huge range of services." The account passwords, however, were not obtained via legitimate means. Instead the details were typically obtained through credential stuffing using swathes of usernames and passwords leaked through other data breaches, without the knowledge of their genuine owners. -
Ask Slashdot: Should Average Consumers Install More Than One Antivirus Program On Their System?
Even though you would assume that people would know better, an anonymous reader writes, in my experience, I have found many who think installing more than one antivirus program on their computer is the right way to go about it. Some have installed as many as three third-party security suites, which among other things, takes a toll on the performance. This week the New York Times' tech tip section addresses the matter. From the article, which could be paywalled, but you don't have to read it in entirety anyway: Installing more than one program to constantly scan and monitor your PC for viruses and other security threats can create problems, because the two applications will likely interfere with each other's work. Clashing antivirus programs can cause the computer to behave erratically and run more slowly as the applications battle for system resources. Microsoft advises against running its Windows Defender security software on the same system with another installed third-party antivirus program. Likewise, antivirus software companies also warn against using other system security products when you are using theirs; Bitdefender, Kaspersky Lab and Symantec all have articles on their sites explaining the potential problems in detail. Programs that do not constantly patrol your operating system, like mail scanners, may not be an issue. What do you folks recommend to people who are not as tech-savvy? -
'Smart' Electrical Socket Leaks Your Email Address, Can Launch DDoS Attacks (softpedia.com)
An anonymous reader writes from a report via Softpedia: There is an insecure IoT smart electrical socket on the market that leaks your Wi-Fi password, your email credentials (if configured), and is also poorly coded, allowing attackers to hijack the device via a simple command injection in the password field. Researchers say that because of the nature of the flaws, attackers can overwrite its firmware and add the device to a botnet, possibly using it for DDoS attacks, among other things. Bitdefender didn't reveal the device's manufacturer but said the vendor is working on a fix, which will be released in late Q3 2016. Problems with the device include a lack of encryption for device communications and the lack of any basic input sanitization for the password field. "Up until now most IoT vulnerabilities could be exploited only in the proximity of the smart home they were serving, however, this flaw allows hackers to control devices over the internet and bypass the limitations of the network address translation," says Alexandru Balan, Chief Security Researcher at Bitdefender. "This is a serious vulnerability, we could see botnets made up of these power outlets." -
Bitdefender Finds 'Hypervisor Wiretap' For Reading TLS-Encrypted Communications (helpnetsecurity.com)
Orome1 quotes a report from HelpNetSecurity: Bitdefender has discovered that encrypted communications can be decrypted in real-time using a technique that has virtually zero footprint and is invisible to anyone except extremely careful security auditors. The technique, dubbed TeLeScope, has been developed for research purposes and proves that a third-party can eavesdrop on communications encrypted with the Transport Layer Security (TLS) protocol between an end-user and a virtualized instance of a server.
Bitdefender says the new technique "works to detect the creation of TLS session keys in memory as the virtual machine is running." According to HelpNetSecurity, this vulnerability "makes it possible for a malicious cloud provider, or one pressured into giving access to three-letter agencies, to recover the TLS keys used to encrypt every communication session between virtualized servers and customers. CIOs who are outsourcing their virtualized infrastructure to a third-party vendor should assume that all of the information flowing between the business and its customers has been decrypted and read for an undetermined amount of time." -
Linux Ransomware Has Predictable Key, Automated Decryption Tool Released (csoonline.com)
itwbennett writes: Last week a new piece of ransomware was discovered that targets Linux servers. Yesterday, researchers at Bitdefender discovered a critical flaw in how the ransomware (dubbed Linux.Encoder.1) operates while testing a sample in their lab and released a free tool that will automatically decrypt any files on a victim's system that were targeted. -
Users Can't Distinguish Scams From Facebook's Features
Anyone who's seen social media sites like Facebook has probably also seen scam ads that promise new features or insider access to the sites themselves. rudy_wayne writes Zdnet reports that a new whitepaper from antivirus company Bitdefender, which examined 850,000 Facebook scams over two years, shows that Facebook's own user experience enables these scams to flourish. The researchers found that scammers have infected millions of users with the same tricks over and over again — just repackaged. The most common tricks, such as 'Guess who viewed your profile (45.5 percent)' and 'change your background color' (29.53 percent) rely on a combination of the obsessions encouraged by the Facebook experience, and a general lack of understanding about Facebook's functionality — which, as most users know, is a constantly moving target. Users would be none the wiser that a given scam isn't just a new "feature" or another of Facebook's psychological experiments being done on users. -
Pushdo Trojan Infects 11,000 Systems In 24 Hours
An anonymous reader writes Bitdefender has discovered that a new variant of the Trojan component, Pushdo, has emerged. 77 machines have been infected in the UK via the botnet in the past 24 hours, with more than 11,000 infections reported worldwide in the same period. The countries most affected so far by the Pushdo variant are India, Vietnam and Turkey. Since Pushdo has resurfaced, the public and private keys used to protect the communication between the bots and the Command and Control Servers have been changed, but the communication protocol remains the same. -
Bad BitDefender Update Clobbers Windows PCs
alphadogg writes "Users of the BitDefender antivirus software started flooding the company's support forums Saturday, apparently after a faulty antivirus update caused 64-bit Windows machines to stop working. The company acknowledged the issue in a note explaining the problem. 'Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5,' the company said. The acknowledgment came after BitDefender users had logged hundreds of posts on the topic. Some complained of being unable to reboot their systems." -
Trojan Using Sony DRM Rootkit Spotted
Analise writes "The Register reports on the first trojan using Sony's DRM rootkit. A newly discovered variant of the Breplibot trojan makes use of the way Sony's rootkit masks files whose filenames begin with '$sys$'. This means that any files renamed this way by the trojan are effectively invisible to the average user. The malware is distributed via an email supposedly from a reputable business magazine requesting that the businessperson verify his/her attached 'picture' to be used for an upcoming issue. Once the payload is executed, the trojan then installs an IRC backdoor on affected Windows systems." -
'Stealth' Worm Hinders Sandbox Analysis
Tuxedo Jack writes "The Register reports that the new Atak worm cannot be analyzed or debugged by antivirus companies without quite a bit of work, due to the author being sloppy with his or her code. Windows machines, as per the norm, are the only vulnerable ones, and it still requires user intervention to infect. Perhaps future worms will start including this 'bug' in their releases. We can only hope not." It doesn't sound like a bug at all, from the virus writer's perspective. -
Knoppix Variant Offers Full NTFS Write Support
mache writes "Full NTFS write support for Knoppix is under discussion on Knoppix Ideas forum and it looks that Knopper will include Captive into Knoppix 3.4. The best part of Live CD with full NTFS write support is that it actually exists in LinuxDefender, a remastered Knoppix distribution made by Bitdefender, presented at LinuxConf 2003, the annual Romanian Linux Users Group (RLUG) conference." -