Security Bytes: FTC cracks down on alleged spyware distributors
Patches fix serious RealPlayer flaws; IM malcode launches phishing attacks; Microsoft warns of Macromedia Flash flaw; Liberty Alliance pushes stronger authentication; FEMA data security is in question; patches fix Veritas flaws and TransUnion suffers a security breach.
FTC cracks down on alleged spyware distributors
At the Federal Trade Commission's urging, a U.S. district court is cracking down on a massive spyware operation in which Google's BlogSpot service is apparently used to fool users into downloading spyware and adware programs. According to the IDG News Service, the U.S. District Court for the Central District of California in Los Angeles froze the assets of an organization doing business as Enternet Media Inc., Searchmiracle.com, C4tdownload.com and Cash4toolbar.com. The court also halted the downloads of an affiliate site, Iwebtunes.com, that allegedly spread spyware by offering free background music to Web log operators. The FTC claims the Web sites of the defendants and their affiliates cause installation boxes to pop up on users' computer screens. In some cases, the installation boxes reportedly offer a variety of freeware, including music files, mobile phone ring tones, photographs and song lyrics. In another variation, the pop-up boxes warn users that their Web browsers are defective and offer free upgrades or security patches. Instead of receiving the free files or patches, the FTC said, users' computers were infected with spyware. The FTC wants a permanent injunction against such downloads, and has asked the court to order the defendants to give up their "ill-gotten gains."
Patches fix serious RealPlayer flaws
Seattle-based RealNetworks Inc. has issued patches fixing two critical flaws in RealPlayer. The problems were discovered by Aliso Viejo, Calif.-based eEye Digital Security. According to eEye, attackers could exploit the first vulnerability to overwrite stack memory with arbitrary data and execute malicious code "in the context of the user who executed the player." eEye added: "This specific flaw exists in the first data packet contained in a Real Media file. By specially crafting a malformed .rm movie file, a direct stack overwrite is triggered, and reliable code execution is then possible." RealNetworks recommended users install its patch to fix the problem. Attackers could exploit the second vulnerability to overwrite the heap with arbitrary data and execute malicious code. "A RealPlayer skin file (.rjs extension) can be downloaded and applied automatically through a Web browser without the user's permission," eEye said. As with the first flaw, RealNetworks recommends users download the patch.
IM malcode poses phishing threat
Waltham, Mass.-based IMlogic Inc. is warning Yahoo Messenger users to beware of malcode that can launch phishing attacks. The firm said IM.Marphish.Yahoo attempts to access a user's Yahoo credentials and use Yahoo Messenger to broadcast IM messages that appear to be from the Yahoo abuse department. "The link sent brings you to a location on the 42.pl domain, which redirects you to the phishing site," IMlogic said. The firm rates the malcode as a medium-risk threat.
Microsoft urges Macromedia Flash Player users to patch
Microsoft issued an advisory this week urging users of Macromedia Inc.'s Flash Player to download updates to fix a recently disclosed security hole. "Microsoft is aware of recent security vulnerabilities in Macromedia Flash Player, a third-party software application that also was redistributed with Microsoft Windows XP Service Pack 1, Windows XP Service Pack 2, Windows 98, Windows 98 SE, and Windows Millennium Edition," the software giant said. Attackers could launch malicious code by exploiting a flaw in San Francisco-based Macromedia's Flash Player 7, according to an advisory earlier this week. The advisory describes the flaw as a "problem with bounds validation for indexes of certain arrays in Flash Player 7 and earlier, [which leaves open] the possibility that a third party could inject unauthorized code that would have been executed by Flash Player."
Liberty Alliance pushes for stronger authentication
The Liberty Alliance Project, a global consortium working to develop open federated identity and Web services standards, said this week that it is forming a global group dedicated to developing open specifications for stronger interoperable authentication methods. The Strong Authentication Expert Group will "expand [Liberty Alliance's] work beyond federation to build ID-SAFE (Identity Strong Authentication Framework), an open framework to allow strong authentication solutions, such as hardware and software tokens, smart cards, SMS-based systems and biometrics to interoperate across organizations, networks and vertical market segments," the alliance said in a statement.
FEMA data security called into question
U.S. Department of Homeland Security Inspector General Robert Skinner said in a recent report that the Federal Emergency Management Agency (FEMA) lacks adequate controls to protect sensitive data in its National Emergency Management Information System (NEMIS). Though the agency has made and maintained several significant security controls for NEMIS, Skinner said more must be done. Among his findings: FEMA has yet to implement effective measures to grant, monitor and remove user access. It also hasn't conducted contingency training or testing. Skinner added that security holes were uncovered on NEMIS servers responsible for access rights and password administration. "Due to these database security exposures, there is an increased risk that unauthorized individuals could gain access to critical EP&R [Emergency Preparedness and Response] database resources and compromise the confidentiality, integrity and availability of sensitive NEMIS data," Skinner said in the report. "In addition, EP&R may not be able to recover NEMIS following a disaster." He said the agency should work to ensure better NEMIS user-access control and implement an IT contingency training and testing program. He also said FEMA should hammer out plans to address the vulnerabilities he discovered. FEMA, part of the Department of Homeland Security, has faced criticism for its response to Hurricane Katrina after the Category 4 storm slammed into the Gulf Coast in late August.
Symantec fixes Veritas flaw
Cupertino, Calif.-based Symantec Corp. has issued a security update to fix a buffer overflow vulnerability in Veritas NetBackup 5.x servers and clients. "A shared library used by the Veritas NetBackup volume manager daemon (vmd) running on Veritas NetBackup 5.x servers and clients" could be exploited "to possibly allow a malicious attacker to create a denial of service [or] allow execution of arbitrary code with elevated privileges on a targeted system," Symantec said in its advisory.
TransUnion breach exposes data on 3,600 consumers
Information on 3,600 consumers could be in the hands of identity thieves after a computer was stolen from an office of the TransUnion LLC credit monitoring service, the company admitted this week. According to media reports, the computer was taken from a sales office TransUnion has in California. The PC housed sensitive personal data that included Social Security numbers. Consumers whose information was compromised were notified of the theft and given a year of complimentary credit monitoring by the service, according to CNET News.com.