Google Releases Google Chrome 25.0.1364.87

Original release date: February 21, 2013 | Last revised: March 15, 2013

Google has released Google Chrome 25.0.1364.87 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security features.

US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update to Chrome 25.0.1364.87.


Apple, Facebook & Hundreds More Hacked By 0-Day Java Exploit

There’s an awful lot of high profile hacks going on lately, with some people linking them to the Chinese and a large-scale attack on Western companies. Before this, Twitter Breach Leaks 250,000 User E-mails & Passwords – was probably the most high profile case. Now Apple, Facebook and quite possibly hundreds of other companies...


Donald Trump’s Twitter “seriously hacked,” tweets Lil Wayne lyrics

Exotically coiffured businessman and self-appointed Republican visionary Donald Trump is the owner of the latest high-profile Twitter account to be hacked. Trump joins the esteemed ranks of Burger King and Jeep, with both companies suffering compromised accounts in the last few days.

The Trump hack was less colorful and briefer than the Burger King takeover. A single tweet was sent quoting a song lyric from Lil Wayne's verse in the ditty "Scream & Shout." Trump appeared to declare, "These hoes think they classy, well that's the class I'm skippen."

Unamused by the hack—and perhaps cognizant of the serious reputation damage being outed as a listener could cause—Trump later tweeted, "My Twitter has been seriously hacked--- and we are looking for the perpetrators." He went on to warn such exploits could render Twitter "irrelevant."


Malicious Mandiant Report in Circulation

The report, APT1: Exposing One of China's Cyber Espionage Units, published by Mandiant earlier this week has drawn worldwide attention by both the security world and the general public. This interest is due to the conclusion the report has drawn regarding the origin of targeted attacks, using advanced persistent threats (APT), performed by a certain group of attackers dubbed the Comment Crew. You can read Symantec’s response to the report here.

Today, Symantec has discovered someone performing targeted attacks is using the report as bait in an attempt to infect those who might be interested in reading it. The email we have come across is in Japanese, but this does not mean there are no emails in other languages spreading in the wild. The email purports to be from someone in the media recommending the report. As you can see in Figure 1, the attachment is made to appear like the actual report with the use of a PDF file and the name of the company as the file name. However, like in many targeted attacks, the email is sent from a free email account and the content of the email uses subpar language. It is obvious to a typical Japanese person reading the email that it was not written by a native speaker.

When the fake report, which Symantec detects as Trojan.Pidief, is opened, a blank PDF is shown but in the background exploit code for Adobe Acrobat and Reader Remote Code Execution Vulnerability (CVE-2013-0641) is executed. The PDF file may drop Trojan.Swaylib and Trojan.Dropper, which drops Downloader, if the vulnerability is successfully exploited. Could the Comment Crew be playing a prank in response to the publication? The truth is we don’t know.

Figure 1. Malicious email purporting to contain the report

Similar tactics have been used in the past, one of which actually involved Symantec. Back in 2011, when we released a whitepaper on another group performing targeted attacks, the attackers took the opportunity to use the publication to infect those interested in reading the paper. They did this by spamming targets with the actual whitepaper along with malware hidden in an archive attachment.

If you want to read the actual Mandiant report, or any other for that matter, we advise you to download it directly from the company’s website. The Mandiant download page also provides the hash of the file so that viewers can confirm its authenticity. It is also a good idea to check the hash if you are unsure where you acquired the file from.
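
The hash check advised above, as an added example (not Symantec's or Mandiant's code). The page does not name the hash algorithm the download page publishes, so the code assumes it can be inferred from the digest length; the function names and the sample file contents are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> algorithm. The page does not say which algorithm the
# vendor publishes, so the length of the published value decides (assumption).
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256", 128: "sha512"}


def file_digest(path, algo, chunk_size=1 << 20):
    """Hash the file in chunks so a large download is never loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, published_hex):
    """Return (ok, algo, actual_hex); raise ValueError on a malformed hash."""
    expected = "".join(published_hex.split()).lower()  # tolerate spaces/case
    algo = ALGO_BY_HEX_LEN.get(len(expected))
    if algo is None or any(c not in "0123456789abcdef" for c in expected):
        raise ValueError("published value is not a recognised hex digest")
    actual = file_digest(path, algo)
    return hmac.compare_digest(actual, expected), algo, actual


def demo():
    """Constructed sample: a genuine file and a tampered copy of it."""
    genuine = b"%PDF-1.4 constructed stand-in for the genuine report\n"
    published = hashlib.sha256(genuine).hexdigest().upper()  # as a site might list it
    results = []
    for content in (genuine, genuine + b"appended payload"):
        with tempfile.NamedTemporaryFile(delete=False) as tmp:
            tmp.write(content)
        try:
            results.append(verify_download(tmp.name, published)[0])
        finally:
            os.unlink(tmp.name)
    return results


if __name__ == "__main__":
    print(demo())
```

Run the check before opening the file in a PDF reader; a mismatch means the copy is not the one the publisher released, whatever its file name says.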

Update - February, 2013

Initially, this blog stated that the PDF file didn't drop any additional malware. However, after further analysis, it has been found to drop malware in some environments. The blog has been updated to reflect this finding.

We have also confirmed that there are multiple variants of the malicious fake report.