...will he ever win?


March 15, 2012


EFF News

Fake YouTube Site Targets Syrian Activists With Malware

Last week, EFF reported on two instances of pro-Syrian-government malware targeting Syrian activists through links sent in chats and emails. This week, we've seen new Windows malware dropped by a fake YouTube site hosting Syrian opposition videos.

Below is a screenshot of the fake YouTube page, which attacks users in two ways: it requires you to enter your YouTube login credentials in order to leave comments, and it installs malware disguised as an Adobe Flash Player update.

This phishing site has been taken down, but if you encounter a similar page, do not enter your YouTube login credentials to comment. If you have already logged in to the site (or a similar site) to leave a comment, follow the steps outlined below to see if your computer has been infected, and change your YouTube and Gmail passwords from an uninfected computer immediately. You may also wish to take some additional steps to make sure that your Gmail account is secure, including enabling 2-factor authentication and checking to see if any suspicious forwarding addresses or delegated accounts have been added to your account.

If you encounter a similar page, do not click "Install" to update Flash. Clicking "Install" drops a file called setup.exe. This is a .NET file and .NET is required to run it. Once it is installed, the dropper connects back to an address in Syrian IP space and downloads additional malware, which gives the attacker administrative access to your computer.

To see if you have been infected, look for the following files:

These files are "system files" and will not be visible by default. To make system files visible in Windows 7, go to Start --> Control Panel --> Appearance and Personalization --> Show hidden files and folders, then select the radio button called Show Hidden Files, Folders, and Drives. Clear the checkbox labeled "Hide extensions for known file types." Clear the checkbox labeled "Hide protected operating system files."

C:\Documents and Settings\Administrator\Local Settings\Temp\sysglobl.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\mscordbc.exe

On Windows 7 systems, you can find them here:

C:\Users\Administrator\AppData\Local\Temp\sysglobl.exe
C:\Users\Administrator\AppData\Local\Temp\mscordbc.exe
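The same check can be scripted instead of changing Explorer's view settings. The PowerShell below is an added example, not part of the EFF post: it only reports matches and deletes nothing. The function name and output fields are illustrative, and it goes beyond the article by checking every user profile's Temp folder rather than only Administrator's.

```powershell
# Added example: report-only search for the two file names listed in the article.
# File names and Temp sub-paths come from the article; the rest is illustrative.
function Find-ListedTempFiles {
    param(
        # Drive that holds the user profiles; can point at a mounted disk image.
        [string]$SystemDrive = $env:SystemDrive
    )

    $names = 'sysglobl.exe', 'mscordbc.exe'

    # Both profile layouts named in the article (older Windows and Windows 7).
    $layouts = @(
        @{ Root = (Join-Path $SystemDrive 'Documents and Settings'); Temp = 'Local Settings\Temp' },
        @{ Root = (Join-Path $SystemDrive 'Users');                  Temp = 'AppData\Local\Temp' }
    )

    foreach ($layout in $layouts) {
        if (-not (Test-Path -LiteralPath $layout.Root)) { continue }

        # -Force lists hidden/system entries; errors (for example the access-denied
        # compatibility junction on Windows 7) are skipped rather than aborting.
        $userDirs = Get-ChildItem -LiteralPath $layout.Root -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.PSIsContainer }

        foreach ($userDir in $userDirs) {
            $tempDir = Join-Path $userDir.FullName $layout.Temp
            foreach ($name in $names) {
                $path = Join-Path $tempDir $name
                # -Force is required here too, since the files are hidden system files.
                $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
                if ($item) {
                    $item | Select-Object FullName, Attributes, CreationTime, Length
                }
            }
        }
    }
}

$hits = @(Find-ListedTempFiles)
if ($hits.Count -gt 0) {
    $hits | Format-List
    Write-Warning 'Listed file(s) found. Follow the guidance in the section on infected computers.'
} else {
    Write-Output 'Neither file was found in any readable profile Temp folder.'
}
```

Run it from an elevated prompt so other users' profile folders are readable; a clean result only means these two file names are absent from those locations.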

You can see both files in the screenshot below:

What to do if your computer is infected:

If your computer is infected, deleting the above files does not guarantee that your computer will be safe or secure. This attack eventually gives an attacker the ability to execute arbitrary code on the infected computer. There is no guarantee that the attacker has not installed additional malicious software while in control of the machine. The safest course of action is to re-install the operating system on your computer and change all passwords to accounts you may have logged into while the computer was infected.

EFF is deeply concerned about this pattern of pro-government malware targeting online activists in authoritarian regimes. We will continue to keep a close eye on future developments in this area.


March 15, 2012 06:49 PM


Gizmag

New tech could allow drone aircraft to recognize deck crews' arm signals

Aircraft carrier deck crews may one day be able to direct autonomous drones, using standar...

We’ve all seen footage of flight crews on the decks of aircraft carriers, directing taxiing planes using arm signals. That’s all very well and good when they’re communicating with human pilots, but what happens as more and more human-piloted military aircraft are replaced with autonomous drones? Well, if researchers at MIT are successful in one of their latest projects, not much should change. They’re currently devising a system that would allow robotic aircraft to understand human arm gestures...

Section: Robotics



March 15, 2012 01:45 AM


Linux Weekly News

[$] LWN.net Weekly Edition for March 15, 2012

The LWN.net Weekly Edition for March 15, 2012 is available.

March 15, 2012 12:38 AM

March 14, 2012


Ars Technica

The tab selector, replete with pretty thumbnails.

Microsoft is continuing to show off new features coming in its Internet Explorer 10 Web browser, with a couple of posts describing its touch-friendly Metro interface and its enhanced security.

The current trend in browser design, led by Google Chrome, is to scale back the browser's interface so that it takes less and less of the screen, devoting more room to the Web content itself. Windows 8's Metro design similarly removes window chrome to put the focus on content.


March 14, 2012 11:45 PM

The president of the Syrian Arab Republic, Bashar Al-Assad

Syrian revolutionaries obtained thousands of e-mails from the personal accounts of embattled Syrian leader Bashar al-Assad and his wife. The e-mails show a cavalier attitude toward the unrest in the country, which has resulted in the deaths of about 8,000 people over the past year due to brutal government crackdowns on civilians protesting Assad's rule.

The Guardian obtained more than 3,000 documents that activists claim to be the private e-mails of ruling couple Bashar and Asma al-Assad, sam@alshahba.com and ak@alshahba.com. The activists obtained access to the presidential couple's accounts in June 2011 after a mole, allegedly with links to the inner circle of the Syrian government, provided opposition group "Supreme Council of the Revolution" with the usernames and passwords for each. Activists claimed that they used the information to stay a step ahead of regime moves in Damascus.


March 14, 2012 11:11 PM



Hack a Day

rfid-jukebox

[Dominik] built a fun musical toy for his daughter [Anna]. It’s a jukebox that lets her play her favorite tunes using RFID tags to select between them.

The project is simple, yet robust. The enclosure is a wooden craft box that you can pick up for a couple of bucks. Inside there’s an Arduino with a Wave Shield which handles the audio playback. An RFID reader takes input from the set of card-tags he procured. An internal Lithium battery powers the device, with a USB port for charging.

Sure, those guts have some cost involved in them. But there’s no LCD which can be broken, and we think the boards will hold up well to abuse if mounted correctly. Plus there’s a lot of future potential here. When we saw the cards we thought of those toys which make the animal sounds (“what does the cow say… mooo”). This could be used for that with really young children. Then repurposed into this jukebox as they get a bit older. If you put the guts in a new enclosure it will appear to be a brand-new toy, right?

See a demo of the project in the clip after the break.


Filed under: digital audio hacks, toy hacks


March 14, 2012 11:01 PM


Ars Technica

McAfee became the latest major IT company refusing to work with the Pakistani government

On Monday evening, McAfee became the fifth major IT vendor to pledge it won't bid on a Request for Proposals from the Pakistani government for adding enhanced censorship capabilities to Pakistan's Internet backbone. Four other major IT companies have also pledged not to submit bids, and more than 16,000 people have signed a petition urging other companies to follow suit.

As we reported last month, Pakistan currently censors a wide variety of websites, including content that is "obscene," "blasphemous," and potentially embarrassing to public officials. Right now, the blacklists are maintained manually by Pakistani telecom companies, and those firms are overwhelmed. The Pakistani government wants to build a more centralized and automated system.


March 14, 2012 10:30 PM


Gizmag

Laser un-printers could help save the trees

Laser 'un-printers' would allow paper to be re-used, reducing the need for virgin wood pul...

If you’re concerned about deforestation, you likely blue-bin the no-longer-needed sheets of paper that have been run through your printer. You should keep in mind, however, that even though the recycling of that paper saves trees, the process still requires considerable energy, and most recycled paper still contains some virgin wood pulp. What would be better is if there were an “un-printer” that took the toner off of the used paper, so you would be left with a blank sheet that you could reuse. Well, thanks to research being conducted at the University of Cambridge, there soon may be...

Section: ecoGizmo



March 14, 2012 10:13 PM
