The Tech Corner is a technology news and advice column presented each week courtesy of Melvin McCrary at Georgia Computer Depot in Cedartown.
Windows malware is in 132 apps hosted on official Google Play store
According to security experts, all 132 apps contained a tiny iframe inside the source code of HTML pages shown at some point or another to their users.
This iframe attempted to connect to remote servers and download another payload.
All the remote servers were down when researchers came across the infected apps, but the servers were known hotspots for malicious activity, having been involved in many Windows malware distribution campaigns.
All app developers located in Indonesia
Researchers also discovered that the seven developers of the 132 infected apps appear to reside in Indonesia, meaning they most likely used a malicious torrent to download an infected IDE, or were victims of a local malware distribution campaign.
Google has temporarily removed the apps from the Play Store.
Yahoo CEO gives bonus to employees
Yahoo CEO Marissa Mayer announced she’ll forgo her annual bonus ($2 million) and equity grant ($14 million), which she’ll be redistributing to Yahoo employees instead.
Her announcement comes on the same day Yahoo filed its quarterly 10-K report with the SEC, where the company revealed that a third-party forensics firm discovered clues that over 32 million Yahoo accounts might have been accessed illegally using forged cookies in 2015 and 2016.
Yahoo says these account hacks are related to a data breach it disclosed last year.
Hackers accessed 32 million Yahoo accounts using forged cookies
The filing revealed that Yahoo knew the attacker had accessed proprietary source code that allowed him to learn how to create forged cookies and access Yahoo accounts without the user’s password.
Initially, Yahoo said the attacker used this technique to access only a few accounts.
This may also be one of the reasons why Yahoo blamed the incident on a state-sponsored actor, believing these were targeted attacks carried out only against a handful of selected individuals.
In yesterday’s latest SEC filing, Yahoo says that the number of Yahoo accounts compromised via forged cookies is bigger than the initial estimation, and is now at over 32 million.
Ransomware for dummies
Among today’s fastest-growing cybercrime epidemics is “ransomware,” malicious software that encrypts your computer files, photos, music and documents and then demands payment in Bitcoin to recover access to the files.
A big reason for the steep increase in ransomware attacks in recent years comes from the proliferation of point-and-click tools sold in the cybercrime underground that make it simple for anyone to begin extorting others for money.
Ingenico overlay skimmers
“Overlay” card and PIN skimmers are made to be placed atop Ingenico-brand card readers at store self-checkout lanes. I’m revisiting the topic again because a security technician at a U.S.-based retailer recently shared a few photos of several of these devices pulled from compromised card terminals, and the images and his story offer a fair bit more detail than in previous articles.
A handful of readers have inquired as to the whereabouts of Microsoft’s usual monthly patches for Windows and related software.
Microsoft opted to delay releasing any updates until next month, even though there is a zero-day vulnerability in Windows going around. However, Adobe did push out updates this week as per usual to fix critical issues in its Flash Player software.
In a brief statement this week, Microsoft said it “discovered a last minute issue that could impact some customers” that was not resolved in time for Patch Tuesday, which normally falls on the second Tuesday of each month.
In an update to that advisory posted on Wednesday, Microsoft said it would deliver February’s batch of patches as part of the next regularly-scheduled Patch Tuesday, which falls on March 14.
The value of a hacked account
One of the most-viewed stories on this site is a blog post and graphic that I put together last year to illustrate the ways that bad guys can monetize hacked computers. But just as folks who don’t bank online or store sensitive data on their PCs often have trouble understanding why someone would want to hack into their systems, many people do not fully realize how much they have invested in their email accounts until those accounts are in the hands of cyber thieves.
One prominent credential seller in the underground peddles iTunes accounts for $8, and Fedex.com, Continental.com and United.com accounts for USD $6. Groupon.com accounts fetch $5, while $4 buys hacked credentials at registrar and hosting provider Godaddy.com, as well as wireless providers Att.com, Sprint.com, Verizonwireless.com, and Tmobile.com. Active accounts at Facebook and Twitter retail for just $2.50 apiece.
Some crime shops go even lower with their prices for hacked accounts, charging between $1 and $3 for active accounts at dell.com, overstock.com, walmart.com, tesco.com, bestbuy.com and target.com, to name just a few.
Those same contacts may even receive a message claiming you are stranded, penniless in some foreign country and asking them to wire money somewhere.
If you’ve purchased software, it’s likely that the license key to that software title is stored somewhere in your messages. Do you use online or cloud file-storage services like Dropbox, Google Drive or Microsoft Skydrive to back up or store your pictures, files and music? The key to unlocking access to those files also lies in your inbox.
Gmail.com, Hotmail/Live.com, and Yahoo.com all now offer multi-step authentication that users can and should use to further secure their accounts. Dropbox, Facebook and Twitter also offer additional account security options beyond merely encouraging users to pick strong passwords.
Have winter weeds taken over your lawn? The seeds (for next year’s crop) mature in late winter and early spring. The grassy winter annuals include annual bluegrass and little barley. Broadleaf winter annuals include henbit, common chickweed, pepperweed, Carolina geranium, buttercup, wild garlic, and shepherd’s purse. Seeds from last year’s crop of summer weeds are present and will germinate in March.
To control existing winter weeds in the dormant lawn and very early March:
Use a post-emerge herbicide to kill existing weeds, and
Keep your lawn mowed closely at recommended heights for your types of lawn grass.
Most winter weeds cannot tolerate close mowing and will be stressed, damaged, or even killed by mowing heights used on warm-season lawns.
Plan to use a pre-emergence herbicide next fall to kill next year’s crop. If you have let several winter weeds mature and produce seed, you will certainly have the potential for a big weed crop next winter. Make notes and plans now.
Do not fertilize lawns with warm-season grasses in March. Winter weeds are in “prime time.” Warm-season turf is dormant, or nearly so. To fertilize in these months only encourages rampant weed growth and seed production. Warm-season grasses are not yet actively growing and do not benefit from early spring applications of fertilizer.
Plan to use a pre-emerge herbicide in late winter to control summer annuals that will be sprouting then.
If you need further information about controlling weeds in your lawn, contact us at the Polk County Extension Office at 770-749-2142 or firstname.lastname@example.org.
Palatini enters guilty plea for sexual exploitation of a child
A case that began a decade ago came to an end Tuesday before Tallapoosa Circuit Superior Court Judge Michael Murphy as Gerald Palatini Jr. entered a guilty plea.
Palatini, 60, was sentenced to 15 years on probation and will pay a $10,000 fine for one count of sexual exploitation of a child.
District Attorney Jack Browning recommended a sentence of 20 years in prison to serve 5 years and a $10,000 fine to the court.
Murphy said he took into consideration the loss of Palatini’s business and license to practice dentistry as part of his reason for keeping the fine low.
“I’m not overlooking the fact that your life and your children’s lives have been a living hell for the past 10 years,” Murphy said. “I can’t condone what you did.”
Palatini will be required to follow the guidelines set forth for sexual offenders, but will be allowed to continue to see his children and grandchildren.
Murphy, however, told him to use “shrewd thought when engaging in community activities.”
Palatini said he had been forgiven by his family for his actions, and they remain close.
During a larger investigation of child pornography trafficking by a division of Immigration and Customs Enforcement, Palatini’s IP address and financial information were scooped up along with others, and forwarded along to the Georgia Bureau of Investigation, according to Browning.
In December 2007, Palatini’s residence was searched under a warrant obtained by the GBI and agents found images classified as child pornography, Browning told the court.
Palatini was later charged in 2009, indicted in 2011, and motions to dismiss his case went before the Georgia Court of Appeals before it was handed back down to the Superior Court and ended before Murphy’s bench.
Palatini’s attorney, Wright Gammon, said his client had previously been an upstanding member of the community, now ostracized in his hometown for the past decade.
“He made a bad mistake in his bedroom in his home,” Gammon said. “He doesn’t disagree with that… It’s cost him so much and he’s 60, and other than what happened in his home a decade ago, he has an unblemished record.”
Browning countered that no matter his previous standing in the community, Palatini broke the law and should be punished.
“Maybe people in the community don’t know Dr. Palatini as well as they thought they did,” Browning said.
“I realize I made a mistake,” was Palatini’s own response to the charge during court proceedings before the sentence was handed down.
The Polk County Jail releases arrest reports on weekday mornings. The March 7, 2017 report is attached as a PDF.