| Microsoft Unveils One-stop Service For Reporting Stolen Accounts
|
|
Written by Terence Sequeira
Thursday, 29 July 2010 19:53
| Microsoft unveiled a program to alert banks and online services when accounts they oversee are compromised.
The Internet Fraud Alert will serve as a centralized repository for stolen account credentials and personal information, Microsoft said in a press release announcing the system. It creates a single place to match researchers who discover large caches of pilfered passwords and payment card numbers with the organizations responsible for the compromised accounts. The service is supported by almost a dozen online businesses and fraud-prevention groups.
The vast amount of stolen credentials stashed on servers and sites such as Pastebin.com often makes it hard for people who discover the information to bring it to the attention of the service providers, retailers and other groups whose customers are affected by the breaches. What's more, many organizations don't provide a prominent email address or web link where compromises can be reported. The Anti-Phishing Working Group alone received more than 410,000 unique phishing reports last year.
Microsoft describes Internet Fraud Alert as a secure location where researchers can systematically report information about compromised accounts. The service then alerts the proper banks, service providers or authorities.
Ref: http://www.theregister.co.uk/2010/06/17/internet_fraud_alert/
|
| Indian Defence Networks were compromised
|
|
Written by Terence Sequeira
Tuesday, 27 July 2010 00:00
| It was ascertained that certain internet-facing computers belonging to Indian Defence Networks which were compromised by hackers held no sensitive defence data. To prevent such incidents from recurring, organisations under the Ministry of Defence have worked out a Crisis Management Plan for a measured response in case of any untoward incident.
The Defence Information Assurance and Research Agency (DIARA), a nodal agency mandated to deal with all cyber-security-related issues of the Tri Services and the Ministry of Defence, maintains close coordination with national agencies such as the Computer Emergency Response Team – India (CERT-In) and the National Training Research Organisation (NTRO). Specific cyber security policies have been devised at all levels. Services Headquarters have an information security policy, and their networks are audited as per the guidelines.
Ref: http://pib.nic.in/release/release.asp?relid=63588
| Mobile Malware Creates A 100,000 Botnet On Symbian S60 Handsets
|
|
Written by Terence Sequeira
Monday, 26 July 2010 00:00
| A security firm claims as many as 100,000 smartphones have been compromised with malware which typically poses as a game and affects Symbian Series 60 3rd edition and 5th edition devices. The malware appears to be programmed to send SMS messages from compromised devices.
These botnets either send messages directly to all the contacts in the address book or send messages to random phone numbers by connecting to a server.
The virus even deletes sent messages from the user's Outbox and SMS log. All messages contain URLs linked to malicious sites that users won't be able to see until after they've fallen into the virus trap.
The Symbian Foundation said that the certificate used to sign the malware has been revoked, so if revocation checking is enabled on a phone the malware will not run.
Ref: http://www.theregister.co.uk/2010/07/08/symbian_malware/
|
| Lenovo Support Website Infects Visitors
|
|
Written by Terence Sequeira
Wednesday, 21 July 2010 00:00
| The support site of leading Chinese PC manufacturer Lenovo has been compromised by unknown attackers who injected a rogue IFrame into the pages over the weekend. Security researchers warn that unwary visitors looking for drivers are exposed to several exploits that install the Bredolab trojan onto their computers.
The IFrame points to an exploit kit hosted on a domain called volgo-marun.cn. After several checks to determine what vulnerable software visitors had installed on their computers, the kit served them exploits targeting older versions of Internet Explorer, Adobe Reader or Adobe Flash Player.
At the moment, the malicious executable is detected by only ten of the 41 antivirus products listed on VirusTotal. The entire download.lenovo.com subdomain has been blacklisted by Google's Safe Browsing service. This means that Firefox or Chrome users should see malware warnings when opening resources hosted on it.
Even though the malicious .cn domain appears to be dead at the moment, it could come back online at any time. Therefore, users are advised to steer clear of the Lenovo support website for a couple of days, until the manufacturer has a chance to clean it up and plug the hole that allowed the compromise in the first place.
Ref: http://news.softpedia.com/news/Lenovo-Support-Website-Infects-Visitors-145111.shtml
|
| TweetMeme Hit by Malvertisement
|
|
Written by Terence Sequeira
Tuesday, 20 July 2010 00:00
| A malvertising attack targeted TweetMeme users after a rogue advertiser made its way onto the website. The malicious advertisements directed users to third-party websites displaying fake malware alerts with the purpose of convincing users to install scareware.
Malvertising (malicious advertising) is a type of attack where cyber crooks manage to insert rogue ads that lead users to malicious content. The practice is commonly employed by scareware pushers to distribute their fake antivirus products.
TweetMeme users were targeted via malicious advertisements served by a rogue advertiser at y5-media.com. An investigation of the incident revealed that the threat distributed through these malvertisements was a fake antivirus called Security Threat Analysis.
The researchers explain that requests to y5-media.com bounce through two other websites before landing on the scareware domains. In order to fly under the radar, the cyber crooks tried to make the attack as subtle as possible.
Malvertisements can be very dangerous because, unlike black hat search optimization campaigns that poison search results with malicious links, they are a lot harder to detect and abuse the trust that users put into legitimate websites. Popular websites that were previously affected by similar attacks include the New York Times, Gizmodo and Digital Spy.
Ref: http://news.softpedia.com/news/TweetMeme-Hit-by-Malvertisement-147762.shtml
|