In the news this week: we’ll revisit the Microsoft-NoIP takedown situation, discuss the week’s most important security updates, take a look at a new World Cup themed scam, and check in on the world of Android Vulnerabilities.
Microsoft V. NoIP
As we wrote in last week’s Friday news round-up, Microsoft filed a temporary restraining order against a small hosting company called No-IP, which allowed them to seize control of just fewer than two dozen domains registered with that company. Microsoft alleged that the company was profiting by allowing criminals to host malware-laced domains and botnet infrastructure on the sites they controlled. No-IP and a number of folks in the security industry contested the move quite strongly, though the takedown had its proponents as well. If you want a bit of background covering all sides of the incident, Costin Raiu, the director of Kaspersky Lab’s Global Research and Analysis Team, wrote an article about the takedown on Securelist and Dennis Fisher wrote a report on Threatpost.
Unfortunately for the Redmond, Washington-based computer giant, the lawsuit and seizure were only the beginning of their latest takedown saga. On Monday, Microsoft returned all 23 seized domains to Vitalwerks, the company that owns No-IP. Shortly after returning the domains to No-IP, Microsoft said it was working with the company to better determine which specific domains were acting maliciously.
However, later in the week, Microsoft released a joint statement announcing that they had reached a settlement deal with Vitalwekrs and admitting that the company “was not knowingly involved with the subdomains used to support malware.” In the end, the two companies worked together to identify and disable the offending domains.
Patch Tuesday and Other Fixes
If you haven’t already, you’re going to want to go ahead and install those updates from Microsoft and Adobe. Microsoft shipped six bulletins addressing a total of 29 security vulnerabilities.
Only one of Microsoft’s bulletins warrants a mention here: the cumulative update for Internet Explorer. Kurt Baumgartner, Kaspersky Lab’s principle security researcher, wrote in his analysis of the patches that the 23 Internet Explorer remote code execution bugs fixed by this update require immediate attention.
In other patching news, Yahoo fixed some nasty bugs in its Mail and Messaging services as well as the photo sharing service it owns, Flickr. Before Yahoo shipped the fix, the three remotely exploitable vulnerabilities in its services could have given attackers the ability to inject malicious script, which in turn could have led to session hijacking, phishing, and more.
Hanging Up on Android
Researchers from Curesec published a blog detailing a pair of interesting vulnerabilities that could be exploited toward a number of interesting, albeit malicious ends. The bugs could essentially let an attacker subvert the Android permission model with malicious or rogue application to make or end calls or send unstructured supplementary service data (USSD) codes on a vulnerable device.
These bugs could be of interest for a few reasons. An attacker could make money by compelling an Android device to make phone calls to premium rate numbers under his or her control, charging the owners of the devices in question for making such calls. On the point of USSD codes, the researchers explained these codes serve a long list of utilities and could give attackers the ability to set up call forwarding rules, disable SIM cards, and more.
World Cup Scams
I’m not really sure I understand why a petition to reinstate a grown man that bit another man in what is supposed to be the world’s grandest spectacle of global sportsmanship would be an effective phishing lure, but what do I know?
If you’re a bit lost, I’ll fill you in: Luis Suarez, the forward on the Uruguayan national soccer (football) team and one of the most talented goal scorers in the world was banned form the World Cup this year. He was banned for biting Italian defender Giorgio Chiellini. Oddly enough, this isn’t the first or even the second time Suarez has used his teeth to attack another player.
At any rate, as scammers love to do with any event garnering heavy media attention, phishers created a fake webpage which purported to be a petition to reinstate Suarez. Visitors to the fake site, which masqueraded as the legit FIFA website, were asked to sign the petition and fill in their names, countries of residence, email addresses and mobile numbers.
This is just one of many ongoing World Cup themed scams.
A week in the news with the @Kaspersky Daily discusses #WorldCup scams and #PatchTuesday:
Tweet