Discovered by security researchers at scan safe

“A potent trojan cocktail consisting of backdoors, password stealers, and downloader is being loaded by a malicious iframe on nearly 55,000 compromised website pages. The iframe points to an intermediary exploit site, http://a0v.org/x.js, which in turn loads additional exploits and malware from up to seven different malware domains.

A Google search on the iframe script tag resulted in 54,900 hits. Victim sites include www.feedzilla.com, latindiscover.com, and a number of charitable and nursing facilities, including howellcarecenter.com, sweetgrassvillagealf.com, www.foodsresourcebank.org, and morningsideassistedliving.com.”

I started seeing these domains pop up around 8/5. Follow the links below for more information.

ahthja info
laogong info

Read More

‘Skimming’ customer credit card numbers is a growing threat
By Ellen Messmer , Network World , 08/25/2009

Miniature digital cameras have been found “hidden in false ceilings,” above PIN pads, or on store counters “in boxes to hold leaflets” and in “charity boxes next to PIN pads,” the council’s report notes. Criminals use “miniature cameras to observe and record the PIN as it is entered.”

Attackers are doing whatever takes to tamper with payment-terminal equipment to compromise it by adding skimmers, sometimes paying off employees to look the other way.

“The skimming equipment can be very sophisticated, small and difficult to identify,” the council’s report notes. “Often it is hidden within the terminal so neither the merchant nor the cardholder knows that the terminal has been compromised.” Even MP3 players and voice recorders have been used as skimming equipment

Read More

You can now hide a GPS unit in your family car and find out where everybody went. But should you?
By Todd R. Weiss , Computerworld , 08/25/2009

These days, if you want to watch over your house, your kids or your significant other, there’s a whole world of high-tech security devices out there you can use, in forms you may not have even imagined.

There are tiny GPS data loggers you can slip into someone’s car or backpack to learn where they’re going. There are audio recorders the size of flash drives that can listen in and preserve the conversations of others nearby. And there are surveillance cams in a whole assortment of motion-activated disguises, including facial tissue dispensers, alarm clocks, outdoor home electrical boxes, bird feeders and even soft, furry teddy bears.

But while it’s easy to find and buy surveillance devices, is it legal and/or ethical to use them? Is it okay if you use them to watch over strangers? Is it reasonable to use them to watch and hear family members and loved ones?

The answers can sometimes be murky.
Read More

By Kathleen Lau , Computerworld Canada , 08/21/2009

Cybercriminals could start to take advantage of the popularity of search engines like Google as vehicles for relaying malicious code to botnets every time a particular keyword is searched for, said one Vancouver-based security expert.

Creators of botnets could potentially inject code in various Web sites and choose particular keywords that nobody is yet using on the Web, said Vaclav Vincalek, president of Pacific Coast Information Systems (PCIS) Ltd.

Achieving Network Payment Card Industry Data Security Standard (PCI DSS) Compliance with Netcordia’s NetMRI: Download now
“If the botnet starts using Google for special keywords and finds the code and executes, you can start using Google as the transmission of the code or instructions to these botnets,” said Vincalek.

“Basically, (the search engines) will do the dirty work.”
Read More

Whither the weather?
By John Leyden • Get more from this author

Posted in Anti-Virus, 20th August 2009 10:18 GMT
Watch the Application Security Regcast, right here
Measured and non-partisan US TV channel Fox was left looking rather silly after it forgot to renew the anti-virus subscription on an on-air PC.

Attempts to switch to a weather forecast were interrupted after the PC concerned displayed a prominent warning that its Norton AntiVirus had expired. The presenter concerned didn’t miss a beat in describing a weather front over New Jersey, and clicked on a dialogue box to remove the message.

Still, viewers couldn’t have failed to notice the prominent red-bordered message.

A video clip of the amusing snafu can be found on the Fail Blog here