She (her homepage) is your first lead in cracking this year's t2'12 Challenge.
It's set to be released at 10:00 EEST on September 1st. That's 8:00 AM in the U.K. – so get a good night's sleep! And if you're on the east coast of North America, that's 3:00 AM – perhaps you should take a nap…
You'll need "ninja skills" to win the challenge. Here's the description from t2'12:
"A well known carder gang needs to be found and taken down, and it requires an investigator with ninja skills to do it."
"…each gang member possess a piece of an image file that is known to be incriminating evidence and enough to put the whole gang behind bars. The only lead we have is the homepage of a young woman who is supposedly the girlfriend of one the gang members. Your mission, should you choose to accept it, is to find all gang members and their pieces of the image file."
Both speed and style can earn you a victory.
And your reward for success? Free tickets to the t2'12 infosec conference.
Oracle has released an update for Java, version 1.7.0_07. Also of note, there's a version 1.6.0_35 that also patches vulnerabilities. You can download the installers from here.
And before Oracle can release a patch for the new Java zero-day exploit that we wrote about earlier today, Blackhole waltzes onto the scene with an update of its own. So the exploit kit users can now avail of the latest BH, now with the new CVE-2012-4681 exploit.
We wonder if this will actually spike Blackhole sales.
The authors seem to be in such a hurry that they can't think of new names anymore (click the images for a larger view):
There being no latest patch against this, the only solution is to totally disable Java. Since this is the most successful exploit kit + zero-day… qué horror. Please, for the love of your computer disable Java on your browser.
The JAR is detected as Exploit:W32/CVE-2012-4681.A (SHA1: 15fde2d50fc5436aa73f3fd6b065f490259a30fd).
Well folks… the perpetual vulnerability machine that is Oracle's Java Runtime Environment (JRE) has yet another highly exploitable vulnerability (CVE-2012-4681). And it's being commoditized at this very moment and will very soon find its way into popular exploit kits such as Blackhole.
Then, if you happen to have Java (JRE) installed, and have the browser plugin(s) enabled… you're at risk of a drive-by download. Based on the details we've examined thus far, all browsers can be exploited (though Chrome seems to be a bit of an open question).
And because Java (JRE) is cross-platform, this potentially opens a door to non-Windows attacks… if the attacker has an appropriately configured payload to drop.
Uninstall Java (JRE) if you don't need (or use) it. If you do need (and want) it, then at least disable the browser plugin(s) when its not in use. You could also consider installing an extra browser exclusively for Java based sites.
How you mitigate this seemly constant vulnerability? Tell us in this poll:
Mikko recently gave a keynote presentation at this year's Hack In Paris. The presentation — Where are we and Where are we Going — is now available for viewing on YouTube.
Our summary of notable malware research is now available in our Threat Report for H1 2012, covering January to July. 2012 has seen some very significant milestones. From Mikko's foreword:
"Just like modern hi-tech research revolutionized military operations over the last 50 years, we are going to see a new revolution, focusing on information operations and cyber warfare. This revolution is underway and it�s happening right now."
"It's important to understand that cyber warfare does not necessarily have anything to do with the Internet."
But don't let the talk of warfare distract you, criminals were still as busy as ever. Our report includes the following case studies:
• ZeuS & Spyeye • Flashback • Blackhole • Mobile Threats • Ransomware • Rogueware
You can download the report from the Labs section of our dot.com site.
The amount of malware in the world can be counted in many different ways. Here at F-Secure Labs, we prefer a more conservative approach to enumerate threats. It seems others prefer this method as well:
The Android statistics above are from our Mobile Threat Report for Q2 2012. All of our reports are available on the F-Secure Labs section of our dot.com site. Check them out.
The not atypical workspace here at F-Secure Labs… very sophisticated.
We rely on a good amount of automation and virtualization in our battle against malware. Our opponents, malware authors, know this and they frequently employ new tactics to avoid being processed by our back end systems.
One particularly prevalent threat is a "banking trojan" called ZeuS. In the past, we've written about a ZeuS variant that might not infect slow computers as a result of aggressive anti-debugging techniques.
Well, today we analyzed a recent ZeuS variant and discovered that it checks to see if its environment is "normal" by looking for the presence of an audio card from the Windows Registry.
If that entry isn't found, it will create a stack overflow by entering infinite recursion. It most likely does this as an anti-virtualization measure. For example, it fails to run in some standard configurations of VMware. We (and most likely other AV vendors) don't use standard visualization software in our automation. But this could possibly frustrate some more hands on analysts, such as those that work for bank security.
Chenggang's two-part series, China's Economy – The Insider's View, on the BBC World Service is one of the more unique points of view that we've encountered recently. It's definitely worth a listen.
And regarding Sina Weibo, to better understand a society, you should better understand its use of social media. For more analysis on how Chinese use of Weibo is affecting public activism, check out another two part series from the World Service.
Gauss was discovered during the "Flame" investigation, which itself has connections to Stuxnet — which in turn was part of a U.S. espionage project code named "Olympic Games".
Interesting.
Here are some additional things of interest regarding Gauss.
According to the analysis, Gauss targets several Lebanese banks and monitors transactions (such as a banking trojan would do).
That's quite something when considered in context with this Wall Street Journal story from April:
Here's another notable detail: Gauss will not install itself if antivirus software is present.
Finally, given how the Olympic Games story has evolved, it makes "paranoid" minded folks such as us read this August 6th story from the Wall Street Journal about Standard Chartered bank allegedly laundering $250 billion worth of Iranian funds in a whole new light…
