Aug 14, 2010 12:02 AM
#51
Palm Pre flaw lets hackers bug calls

A specially-crafted vCard, or virtual business card, could be used to exploit the vulnerability in the Palm Pre's WebOS operating system as the handheld does not employ any security measures, Basingstoke-based MWR InfoSecurity said on Wednesday. The company discovered that a malicious vCard can be transferred to the phone using SMS, Bluetooth or via the web browser. Simply viewing the vCard is enough to fully compromise the business-focused handheld, which results in the intruder being able to remotely bug the device, it said.

Once exposed, recordings can be fully controlled by the attacker. The phone can be forced to transmit and record audio and data at the hacker's will, either continuously or on-demand, according to Alex Fidgin, the director of MWR Security. Recordings of bugged calls can then be sent without the owner's permission back to the source of the malicious vCard, using either Wi-Fi or 3G connections at intervals of the hacker's choosing.

Fidgin said that MWR InfoSecurity informed Palm of the flaw when it was discovered in May, but that it has still not been addressed by the handset maker. "The flaw could have been 'fixed' when the mobile phone companies issued new operating software recently, but they did nothing," said Fidgin.

Palm, which was acquired by HP in April, declined to confirm the existence of the flaw or give a timescale for a patch, saying it does not comment on specific security issues. It also would not comment directly on MWR InfoSecurity's statement that it had given the handheld company three months to put a fix in place before it went public with the vulnerability. "Palm takes security very seriously... We do thoroughly investigate any potential security risks brought to our attention. We have procedures in place for security researchers to responsibly report risks and we partner with them to make sure any vulnerabilities are addressed and pushed to WebOS users via our over-the-air update system," said a spokeswoman for the handheld company.

Also on Wednesday, MWR InfoSecurity said it had discovered a flaw in the Google Android OS. The vulnerability allows the transmission of confidential information, such as online banking credentials, passwords and email, if the user visits a malicious web page from the Android browser. Google said that it is not aware of any devices being exploited via the hole. It also noted that the bug is not specific to Android, as Apple's Safari and other mobile browsers are built on the same WebKit platform. The company added that the weakness had been patched in the Android Froyo update. "As always, mobile phone users can protect themselves by only visiting web sites they trust," Google's spokeswoman said.

The Android platform has also become the target of its first SMS Trojan, which sends out premium-rate text messages from a user's phone with their consent. The malicious app arrives disguised as a media player. However, security experts believe that the risk to the UK market is minimal as the attack centres on a Russian shortcode text service.

Source: ZDNet
Aug 14, 2010 12:37 AM
#52
Stuxnet could hijack power plants, refineries

A worm that targets critical infrastructure companies doesn't just steal data, it leaves a back door that could be used to remotely and secretly control plant operations, a Symantec researcher said on Thursday. The Stuxnet worm infected industrial control system companies around the world, particularly in Iran and India but also companies in the U.S. energy industry, Liam O'Murchu, manager of operations for Symantec Security Response, told CNET. He declined to say how many companies may have been infected or to identify any of them. "This is quite a serious development in the threat landscape," he said. "It's essentially giving an attacker control of the physical system in an industrial control environment."

The malware, which made headlines in July, is written to steal code and design projects from databases inside systems found to be running Siemens Simatic WinCC software used to control systems such as industrial manufacturing and utilities. The Stuxnet software also has been found to upload its own encrypted code to the Programmable Logic Controllers (PLCs) that control the automation of industrial processes and which are accessed by Windows PCs. It's unclear at this point what the code does, O'Murchu said.

An attacker could use the back door to remotely do any number of things on the computer, like download files, execute processes, and delete files, but an attacker could also conceivably interfere with critical operations of a plant to do things like close valves and shut off output systems, according to O'Murchu. "For example, at an energy production plant, the attacker would be able to download the plans for how the physical machinery in the plant is operated and analyze them to see how they want to change how the plant operates, and then they could inject their own code into the machinery to change how it works," he said.

The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files ending in ".lnk." It infects machines via USB drives but can also be embedded in a Web site, remote network share, or Microsoft Word document, Microsoft said. Microsoft issued an emergency patch for the Windows Shortcut hole last week, but just installing the patch is not enough to protect systems running the Siemens program because the malware is capable of hiding code in the system that could allow a remote attacker to interfere with plant operations without anyone at the company knowing, according to O'Murchu. "There may be additional functionality introduced into how a pipeline or energy plant works that the company may or may not be aware of," he said. "So, they need to go back and audit their code to make sure the plant is working the way they had intended, which is not a simple task."

Symantec researchers know what the malware is capable of but not what it does exactly because they are not done analyzing the code. For instance, "we know it checks the data and depending on the date it will take different actions, but we don't know what the actions are yet," O'Murchu said.

This new information about the threat prompted Joe Weiss, an expert in industrial control security, to send an e-mail on Wednesday to dozens of members of Congress and U.S. government officials asking them to give the Federal Energy Regulatory Commission (FERC) emergency powers to require that utilities and others involved in providing critical infrastructure take extra precautions to secure their systems. The emergency action is needed because PLCs are outside the normal scope of the North American Electric Reliability Corp.'s Critical Infrastructure Protection standards, he said. "The Grid Security Act provides emergency powers to FERC in emergency situations. We have one now," he wrote. "This is essentially a weaponized hardware Trojan" affecting PLCs used inside power plants, off-shore oil rigs (including Deepwater Horizon), the U.S. Navy's facilities on ships and in shore and centrifuges in Iran, he wrote. "We don't know what a control system cyberattack would look like, but this could be it," he said in an interview.

The situation indicates a problem not just with one worm, but major security issues across the industry, he added. People fail to realize you can't just apply security solutions used in the information technology world to protect data to the industrial control world, he said. For example, Department of Energy intrusion detection testing didn't and would not have found this particular threat and anti-virus didn't and wouldn't protect against it, Weiss said. "Antivirus provides a false sense of security because they buried this stuff in the firmware," he said.

Last week, a Department of Energy report concluded that the U.S. is leaving its energy infrastructure open to cyberattacks by not performing basic security measures, such as regular patching and secure coding practices. Researchers worry about security problems in smart meters being deployed in homes around the world, while problems with the electrical grid in general have been discussed for decades. One researcher at the Defcon hacker conference in late July described security problems in the industry as a "ticking time bomb."

Asked to comment on Weiss' action, O'Murchu said it was a good move. "I do think this is a very serious threat," he said. "I don't think the appropriate people have realized yet the seriousness of the threat." Symantec has been getting information about computers infected by the worm, which appears to date back at least to June 2009, by observing connections the victim computers have made to the Stuxnet command-and-control server. "We're trying to contact infected companies and inform them and working with authorities," O'Murchu said. "We're not able to tell remotely if (any foreign attack) code was injected or not. We can just tell that a certain company was infected and certain computers within that company had the Siemens software installed."

O'Murchu speculated that a large company interested in industrial espionage or someone working on behalf of a nation-state could be behind the attack because of its complexity, including the high cost of acquiring a zero-day exploit for an unpatched Windows hole, the programming skills and knowledge of industrial control systems that would be necessary and the fact that the attacker tricks victim computers into accepting the malware by using counterfeit digital signatures. "There is a lot of code in the threat. It's a large project," he said. "Who would be motivated to create a threat like this? You can draw your own conclusions based on the countries targeted. There is no evidence to indicate who exactly could be behind it."

Source: CNET Security News
Aug 16, 2010 11:03 PM
#53
Facebook Dislike button scam spreads virally

Have you seen a message like this on Facebook?

I just got the Dislike button, so now I can dislike all of your dumb posts lol!!

If so, don't click on the link. It's the latest survey scam spreading virally across Facebook, using the tried-and-tested formula used in the past by other viral scams including "Justin Bieber trying to flirt", "Student attacked his teacher and nearly killed him", "the biggest and scariest snake" and the "world's worst McDonald's customer". We've also seen slightly different wording - but pointing to the same scam.

Falling for any of these scams (which promise some lurid or eye-popping or exclusive content) typically tricks you into giving a rogue Facebook application permission to access your profile, posting spam messages from your account and asking you to complete an online survey. And the same is true with this latest scam, which tempts you with the offer of a "dislike" button (as opposed to the normal "like" button) so you can express your opinions on other users' posts, links and uploads.

If you do give the app permission to run, it silently updates your Facebook status to promote the link that tricked you in the first place, thus spreading the message virally to your Facebook friends and online contacts.

But you still haven't at this point been given a "Dislike" Facebook button, and the rogue application requires you to complete an online survey (which makes money for the scammers) before ultimately pointing you to a Firefox browser add-on for a Facebook dislike button developed by FaceMod. As far as we can tell, FaceMod aren't connected with the scam - their browser add-on is simply being used as bait. So, if you really want to try out FaceMod's add-on, get it direct from the Firefox Add-ons webpage, not by giving a rogue application permission to access your Facebook profile.

Source: Graham Cluley, Sophos Weblog
Aug 16, 2010 11:09 PM
#54
Summary of payments malware attack spammed out

The emails, which have the subject line "Summary of payments" have a ZIP file attached to them which contains the Troj/Bredo-EB Trojan horse.

The emails have the following characteristics:

Subject: Summary of payments
Attached file: 2010 Financing.123.zip
Message body:
<recipient's first name>, Attached are two files showing the amounts paid this past year. The files are in Lotus 1-2-3 but I think you can open these in Excel or the Open office spread sheet. This is working very nicely. <sender's name>

Of course, the emails haven't really been sent to you by the apparent "sender" - the cybercriminals have forged the from: address. As always, you shouldn't let curiosity get the better of you. Practise safe computing and always be suspicious of unsolicited attachments sent to you out of the blue.

Source: Graham Cluley, Sophos Weblog
Aug 18, 2010 6:33 PM
#55
New Facebook Clickjacking Worm

There was a Facebook clickjacking worm back in May which was dubbed Likejacking — for a number of weeks the threat ran rampant throughout Facebook. Since then, it has calmed down quite a bit and we don’t see much likejacking anymore. However, today we came across a new form of clickjacking where, instead of tricking the user into liking something, it tricks them into using the Facebook “Share” feature without requiring the user to acknowledge the fact that they’re sharing it.

It starts off on a suspicious looking Facebook fan page where they offer the opportunity to see the “Top 10 Funny T-Shirt Fails ROFL.” Once the page is loaded, it loads the appropriate tab and grabs the malicious script from an external domain that silently forces the user to automatically share the page on their profile.

Users running the Firefox plugin NoScript who click on the Next button on step 2 will notice a warning popup.

Had you not been running NoScript you’d notice, or more likely you wouldn’t notice, that your profile page would now have shared content linking users to a malicious domain. Clicking the link sends you to one of many fan pages all serving the exact same content. It seems a fan page is chosen at random.

If you happen to be one of the people who fell victim to this scam be sure to click the “Remove” option on the shared item to clear the content from your profile. This will help prevent friends of yours from being compromised and possibly falling victim to the scam.

Finally, in the last step they ask you to fill in the actual survey that was used for a different Facebook threat seen earlier in the week. The whole purpose of having them spread this threat virally is to get as many people as they can to fill in these surveys for monetary gain. Of course, you might find yourself doing more than just filling out a simple survey. When attempting one of the surveys, they requested my cell phone number. Before filling it in I decided to read the fine print, which reads as follows.

“The Awesome Test for asking questions and getting answers from our human-powered response team for unlimited answers. This is an auto renewing subscription service that will continue until canceled. To cancel the service at anytime Text STOP to short code. Available to users over 18 for $5/Week charged on your wireless account or deducted from your prepaid balance. Unlimited answers to questions. For support: text HELP or call 800-916-3070. Message and data rates may apply. Your phone must have text messaging capability. You must be the owner of this device or have permission from the owner. By signing up for this service and entering your personal PIN Code delivered to the cell phone number supplied by you on this website, you acknowledge that you are agreeing to the full Terms of Use. Click here for full Terms & Conditions. For Privacy Policy Click here.”

In other words, by providing your cell phone number you’re subscribing to a paid phone service that charges you $5 per week via your cell phone provider. Unfortunately most people won’t read the fine print and will willingly hand over the information and likely won’t notice the charges until the end of the month.

Source: Sophos Weblog
Aug 18, 2010 6:37 PM
#56
Axl Rose's Twitter account gets hacked

A spokesman for the Guns N' Roses rock group has confirmed that lead singer Axl Rose's Twitter account has been hacked, and that their European tour is proceeding. Headbangers were alarmed on Sunday to see a message on frontman Axl Rose's Twitter page that all upcoming performances were cancelled, and retweeted the message:

All upcoming Guns N' Roses dates are officially cancelled. Please contact your place of purchase for any refunds.

However, some fans were skeptical about the announcement that future performance dates had been axed. Note, for instance, that Axl Rose isn't that regular a poster on Twitter. In fact, before this latest announcement the last update on his Twitter account dates from May 20th, and in fact he's only ever posted on the system (if we include this most recent message) 36 times.

Furthermore, whereas Axl Rose's previous Twitter updates came via the Twitter for iPhone application, this latest announcement comes "via mobile web" (which means it was posted from mobile.twitter.com).

In the past, well known figures such as Lindsay Lohan, British politician Ed Miliband, John C Dvorak and Britney Spears, as well as organisations such as the New York Times and BP America, have had their Twitter accounts broken into by hackers.

At the time of writing, Axl Rose's account still carries the announcement that tour dates are cancelled, and no retraction has been published. Whether this is because the bandana-wearing caterwauling wild man of rock hasn't yet regained control of his Twitter account, or perhaps simply doesn't care that a fraudulent message has been sent to his 68,000 followers, isn't at this point obvious.

Don't forget, you should always choose a hard-to-guess non-dictionary word as your Twitter password, and never use the same password on multiple websites. Also, be on your guard against phishing sites and ensure that your computer is running up-to-date anti-virus software to protect against keylogging spyware which may attempt to steal your information.

Source: Graham Cluley, Sophos Weblog
Aug 19, 2010 6:07 PM
#57
Romance email scam drives father to suicide

A ghastly story reaches me of a man who committed suicide, after losing $50,000 to West African romance scammers. 67-year-old Al Circelli shot himself in the living room of his home in Yonkers, New York, after - his family say - he became embroiled in an international romance scam that caused him to lose thousands of dollars and even steal from his relatives.

Circelli's son Peter says he stumbled across evidence that his late father had wired considerable amounts of money to Ghana, and discovered email messages and photos on his father's laptop supposedly from a woman called Aisha, who wanted to come to the USA to begin a new life and promised to bring a small fortune with her.

According to media reports, "Aisha" needed money to be sent to her in Ghana via Western Union to pay for expenses - and when Circelli ran out of his own money, he took out credit cards in his son's name and stopped making mortgage payments. Peter Circelli says that his father committed suicide on the day that "Aisha" was due to arrive in the USA but, of course, she never showed up. Bizarrely, an email message has been found on the dead man's laptop from a Ghanaian intermediary in the money transactions claiming that "Aisha" had also killed herself.

What's really sickening about criminal scammers is that they are taking advantage of the vulnerable - whether the victims be middle-aged men and women who are guilty of nothing but a desire to find love, or the naive who believe that investment opportunities which arrive out of the blue could bring them fortunes, there seem to be plenty of people who do still fall for these scams. And, as we see in Al Circelli's story, can actually end in real tragedy.

Source: Graham Cluley, Sophos Weblog
Aug 19, 2010 6:11 PM
#58
Justin Bieber giving away free concert tickets? Facebook scam spreads virally

A Facebook scam claiming to offer free tickets to a Justin Bieber concert is in fact signing up teenagers to an expensive premium rate mobile phone service. Messages intercepted by Sophos are appearing on Facebook reading:

WOW! Justin Bieber Is Giving Away Free Concert Tickets Now!

Obviously, many fans of the pint-sized popstar will be eager to get their paws on tickets to a Justin Bieber concert and so may be only too willing to click on the attached bit.ly link.

However, what they will find is that they are being scammed by tricksters, who are using the lure of free Justin Bieber concert tickets to trick the unwary into giving permission for a rogue application to post updates to their Facebook wall and status. The messages claim that the Facebook user "has just snagged 4 free tickets to see Justin Bieber!" (they haven't, of course) with the headline "Justin Bieber Free Concert Ticket Giveaway! Justin Bieber World Tour".

Of course, these messages are designed to ensnare more people into the trap - thus spreading the scam virally. And why do the scammers want to spread such a message? Well, it's possible that they could use their rogue application to post more spam (perhaps including malicious links in the future), but the more immediate danger is that in your hunt for the free tickets you will agree to enter your mobile phone number, signing you up for a premium rate service that will cost you some £4.50 per week.

All in all, this appears to be a dirty rotten trick to con young people out of money. You should always think twice about messages like this, even when apparently shared by your friends, and especially when you are asked to install an application that can access your Facebook profile.

This is far from the first time that Justin Bieber's popularity has been exploited by Facebook cybercriminals. In the past we've seen claims that Bieber has been caught being naughty on his webcam, that he has been caught flirting, that his cellphone number has been released on the net, and pictures of him and Cheryl Cole being used as bait. In fact, he's perhaps the celebrity that Facebook scammers are most likely to have in their arsenal right now.

Source: Graham Cluley, Sophos Weblog
Aug 19, 2010 6:16 PM
#59
Android Application Security

Installing an application on an iPhone is a bit different than installing an application on an Android based system. With the iPhone you go to the App Store, select your application (and pay if required) then download and install it. For the Android based phones you go to the Android Market, select your application, download it and then you must approve of the access to your phone that the application will have. For non-technical people this may seem like a waste of time, but in fact it gives you some really interesting information.

Let’s take the application MotoSpeak as an example. MotoSpeak is an application that works with the Motorola h17txt Bluetooth headset. Using the headset and the MotoSpeak app when you receive a text message it will speak the text to you and send an SMS telling the sender that you will reply later… even if you won’t be replying. Upon choosing to install MotoSpeak a screen comes up and advises that the application has access to the following:

Your personal information – read contact data, write contact data
Services that cost you money – directly call phone numbers, send SMS messages
Your messages – read SMS or MMS, receive MMS, receive SMS, receive WAP
Network communication – Create Bluetooth connections, full internet access
Your accounts – act as an account authenticator, manage the accounts list
Phone calls – read phone state and identity

These permissions make sense for what the application needs to do, however if Motorola wanted to, they could abuse the permissions. How? Look at the combination of permissions. Although I am confident that Motorola didn’t program MotoSpeak to do the following, by installing the application I have allowed enough access for Motorola to copy all of my contacts and send them SMS messages saying anything they want to say. Motorola could send themselves my entire contact list with email addresses and phone numbers. Just because you know why an application needs permissions, it does not mean that that application was not written to also abuse those permissions. This is one of the reasons that you should have a fairly good reason to trust a developer before you install an application.

Let’s take a look at another application. Tapsnake is no longer available on the Android Market because it is spyware. If you looked at the permissions before downloading you would see that it is able to access your GPS, and use the internet, among other things. There is no reason that a game like this needs those permissions and the reason it wanted them is that it secretly was broadcasting the user’s location to a server. The description of the game didn’t mention the spying, but understanding that there is no way such a game should be requiring such permissions means that you can make the educated decision not to install the application.

I randomly searched on androlib.com and selected a game called Pacific Wings. I didn’t install it or even download it, but I did look at the permissions. The game only asks for one permission, the ability to use the Internet. I sent an email to the developer asking why such a game needed Internet access? The developer responded back “The internet-permission is needed for the in-game-ads (to keep the game free).” This is a legitimate way to distribute games, however do expect ads that take you to malicious sites to be appearing.

The Android security model is really very cool, however most people will not understand or pay attention to what permissions they grant the apps they download. If people generally did pay attention then I believe the platform would be approximately as safe as the iPhone, but they don’t and it takes very little to get an app onto the market. As a result there will be a lot of security problems for the Android based phones.

Source: Randy Abrams, ESET Threatblog
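The permission-combination check described in the post above, as an added Python example that is not part of the original post or of any vendor's tooling. The three manifests are constructed from the permission lists the post describes; the package names, the capability table and the "explained" sets are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
PREFIX = "android.permission."

# Illustrative capability table (an assumption, not an official list).
# A capability is possible when the app holds one permission from every group.
CAPABILITIES = [
    ("copy the contact list to a server", [{"READ_CONTACTS"}, {"INTERNET"}]),
    ("send SMS messages to your contacts", [{"READ_CONTACTS"}, {"SEND_SMS"}]),
    ("report the phone's location to a server",
     [{"ACCESS_FINE_LOCATION", "ACCESS_COARSE_LOCATION"}, {"INTERNET"}]),
    ("forward received messages to a server",
     [{"READ_SMS", "RECEIVE_SMS"}, {"INTERNET"}]),
    ("run up call or SMS charges", [{"SEND_SMS", "CALL_PHONE"}]),
]


def sample_manifest(package, *permissions):
    """Build a constructed AndroidManifest.xml (decoded text form) for the demo."""
    lines = ['<manifest xmlns:android="http://schemas.android.com/apk/res/android"'
             f' package="{package}">']
    lines += [f'  <uses-permission android:name="{PREFIX}{p}"/>' for p in permissions]
    lines.append("</manifest>")
    return "\n".join(lines)


def requested_permissions(manifest_xml):
    """Return the set of requested permissions, without the android.permission. prefix."""
    root = ET.fromstring(manifest_xml)
    names = (el.get(ANDROID_NS + "name", "") for el in root.iter("uses-permission"))
    return {n[len(PREFIX):] if n.startswith(PREFIX) else n for n in names if n}


def audit(manifest_xml, explained):
    """List what the granted permissions allow in combination.

    `explained` is the set of permissions the app's stated purpose accounts
    for; anything a capability uses beyond that is reported as unexplained.
    """
    perms = requested_permissions(manifest_xml)
    findings = []
    for capability, groups in CAPABILITIES:
        hits = [group & perms for group in groups]
        if all(hits):  # every group has at least one granted permission
            used = set().union(*hits)
            findings.append({"capability": capability,
                             "permissions": sorted(used),
                             "unexplained": sorted(used - explained)})
    return findings


# Constructed samples modelled on the three apps discussed in the post.
HEADSET_PERMS = ["READ_CONTACTS", "WRITE_CONTACTS", "CALL_PHONE", "SEND_SMS",
                 "READ_SMS", "RECEIVE_MMS", "RECEIVE_SMS", "RECEIVE_WAP_PUSH",
                 "BLUETOOTH", "INTERNET", "AUTHENTICATE_ACCOUNTS",
                 "MANAGE_ACCOUNTS", "READ_PHONE_STATE"]
HEADSET_APP = sample_manifest("example.headset.reader", *HEADSET_PERMS)
GAME_WITH_GPS = sample_manifest("example.snake.game", "ACCESS_FINE_LOCATION", "INTERNET")
AD_FUNDED_GAME = sample_manifest("example.plane.game", "INTERNET")

if __name__ == "__main__":
    for label, manifest, explained in [
            ("headset reader", HEADSET_APP, set(HEADSET_PERMS)),
            ("game with GPS", GAME_WITH_GPS, {"INTERNET"}),
            ("ad-funded game", AD_FUNDED_GAME, {"INTERNET"})]:
        print(label)
        for f in audit(manifest, explained):
            note = f"  unexplained: {f['unexplained']}" if f["unexplained"] else ""
            print(f"  can {f['capability']}{note}")
```

The headset reader shows four capabilities even though every permission is explained, which is the post's point about trusting the developer; the GPS game is the case where the permission itself has no explanation.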
Aug 24, 2010 2:54 AM
#60
English football sex cheat photos snare unwary Facebook users

The British tabloid media have been getting their own back on England's international football team after a dismal performance in the World Cup, with many recently focusing on the troubled relationship between English striker fiance Peter Crouch and his glamorous lingerie model fiancee Abbey Clancy. Clancy's plans of marrying 6 foot 7 inch Crouch may be on the rocks after it was alleged that he had spent a night in Madrid with Algerian prostitute Monica Mint. With the British media obsessed with football, WAGs and sex scandals - it's no wonder that the story has been making plenty of headlines.

But now Facebook scammers are jumping on the coat tails of the scandal as well, as messages are being shared by users saying:

omg.. thats disgusting ! she looks about 13! OMG.. This England Football Player Got CAUGHT F**KING A UNDERAGE PROSTITUTE! (PHOTOS) You Must See This It Is SHOCKING!... OMG You Must See This Shocking Photos!

If you click on the link you are invited to share the message with your Facebook friends (thus spreading the message virally) before being allowed to see the "shocking photos".

But when you finally imagine you are going to see the shocking photos of the English football player with the "underage prostitute" you are instead taken to a series of online surveys. As is frequently the case with this sort of unwanted activity on Facebook at the moment - the mischief-makers behind the scam are earning money in the form of commission by tricking people into taking the surveys.

If you do manage to make it past the survey you'll ultimately be taken to a story published on the British tabloid The News of The World's website yesterday, covering the latest gossip about Peter Crouch's love life, and topless pictures of Monica Mint. (By the way, she's reported to be 19 years old - so not underage in most countries, including Spain and the United Kingdom)

But, of course, you didn't have to complete the online survey to see the story of Peter Crouch's shenanigans. You could have just visited The News of the World website instead. But that would have deprived the scammers of some revenue.

Source: Graham Cluley, Sophos Weblog
Aug 24, 2010 3:01 AM
#61
New Gifts For You virus warning spreads on Facebook

Many Facebook messages are spreading a warning to each other about a "virus" which is said to be spreading via the social networking system. A typical message reads:

THERE IS A VIRUS GOING THROUGH OUR COMMENTS. IT WILL START SENDING LINKS IN YOUR NAME. IT SAYS "I KNOW YOU WILL LIKE THIS" OR "LOOKING FOR SOME FUN". THEN IT HAS A PAGE LINK SAYING "NEW GIFTS FOR YOU". DO NOT OPEN THIS LINK. THEY ARE POPPING UP EVERYWHERE!! PLEASE COPY and put on your status and HELP WARN those in your circle!!

There are plenty of folks raising awareness of the so-called "New Gifts For You" virus, but so far I haven't seen any evidence that the threat actually exists. It's possible that this is just a scare that has got out of hand - with users spreading a well-intentioned warning to each other based upon a rogue application that has long been shut down by the-powers-that-be at Facebook. As such, it could be argued that the warning is now a bigger problem (and certainly spreading more quickly) than any "virus" which may have inspired it.

As always, Facebook users are advised to think twice about what links they click on and applications that they grant access to run - even if they appear to have been endorsed by an online friend. Also, the real Facebook Gift Shop closed at the beginning of August 2010.

Source: Graham Cluley, Sophos Weblog
Aug 24, 2010 5:46 PM
#62
Windows DLL load hijacking exploits go wild Less than 24 hours after Microsoft said it couldn't patch Windows to fix a systemic problem, attack code appeared Tuesday to exploit the company's software. Also on Tuesday, a security firm that's been researching the issue for the past nine months said 41 of Microsoft's own programs can be remotely exploited using DLL load hijacking, and it named two of them. On Monday, Microsoft confirmed reports of unpatched -- or zero-day -- vulnerabilities in a large number of Windows programs, then published a tool it said would block known attacks. At the same time, the company said it would not patch Windows because doing so would cripple existing applications. Microsoft also declined to reveal whether any of its own applications contain bugs that attackers could exploit, saying only that it is investigating. Many Windows applications don't call code libraries -- dubbed "dynamic-link library," or "DLL" -- using the full path name, but instead use only the file name, giving hackers wiggle room that they can then exploit by tricking an application into loading a malicious file with the same name as a required DLL. If attackers can dupe users into visiting malicious Web sites or remote shares, or get them to plug in a USB drive -- and in some cases con them into opening a file -- they can hijack a PC and plant malware on it. By Tuesday, at least four exploits of what some call "binary planting" attacks -- and what others dub "DLL load hijacking" attacks -- had been published to a well-known hacker site. Two of the exploits targeted Microsoft-made software, including PowerPoint 2010, the presentation application in Office 2010, and Windows Live Mail, a free e-mail client bundled with Vista but available as a free download for Windows 7 customers. At the same time, a Slovenian security company claimed that it reported bugs in two Microsoft-made programs last March. 
"We're going to publish a list of the vulnerable apps we found sometime soon," said Mitja Kolsek, the CEO of Acros Security. "However, since HD Moore's tool kit is already being used for finding vulnerable apps and at this point hundreds of good and bad guys already know about it, I can say that the two we fully disclosed to Microsoft were in Windows Address Book/Windows Contacts and Windows Program Manager Group Converter."

HD Moore is the U.S. researcher who kicked off a small wave of DLL load hijacking reports last week when he announced he had found 40 vulnerable Windows applications. On Monday, Moore published an auditing tool that others can use to detect vulnerable software.

Although the Windows Address Book -- renamed Windows Contacts with the launch of Vista in 2007 -- may be familiar to users, Program Manager Group Converter is probably not, Kolsek admitted. But both can be exploited. "They're part of every Windows installation and are associated with certain file extensions, allowing for 'double-click-bang' remote attacks," Kolsek said. "To increase the likelihood of success, an attacker can create a shortcut with a PDF or Word document icon pointing to such files, which otherwise have different, less familiar icons."

Contrary to Kolsek's claim, Program Manager Group Converter, a holdover from pre-Windows 95 days, is included with Windows XP, but not with Vista or Windows 7.

Altogether, Acros uncovered 121 remote execution vulnerabilities in 41 different Microsoft applications, but reported details of only the pair in Address Book/Contacts and Program Manager Group Converter. The rest were left for Microsoft's own researchers to find, said Kolsek. Like a number of other companies, notably the French firm Vupen Security, Acros has decided that it will no longer report its vulnerability discoveries to vendors without compensation. "We've been giving them away for 10 years now," said Kolsek, "and it wasn't doing anything for us."
In a long post to a new Acros blog, Kolsek added that there was no bad blood between his company and Microsoft over the former's refusal to identify 119 bugs in the software vendor's products. "It was a mere incompatibility of business interests," he said.

Source: Computerworld
SoujimiSatoriAug 24, 2010 5:51 PM
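The bare-file-name lookup described in the Computerworld article above, as an added example that is not part of the original post or of any tool the article mentions: a Python model of the default Windows search order (application directory, system directory, Windows directory, current directory, PATH) that reports which DLL names would resolve from the current directory. The directory layout, DLL names and function names are constructed for illustration, and the 16-bit system directory is left out of the model.

```python
"""Audit model: where does a bare DLL name resolve under the default
Windows search order? Constructed illustration, not a vendor tool."""
import os
import tempfile

# Locations an administrator controls; anything else is writable by whoever
# supplied the document, share or USB drive the program was started from.
TRUSTED_KINDS = {"application", "system", "windows"}


def find_in_dir(directory, dll_name):
    """Case-insensitive lookup, because Windows file names ignore case."""
    wanted = dll_name.lower()
    try:
        entries = os.listdir(directory)
    except OSError:
        return None
    for entry in entries:
        if entry.lower() == wanted:
            return os.path.join(directory, entry)
    return None


def build_search_order(app_dir, system_dir, windows_dir, cwd, path_dirs,
                       cwd_in_search=True):
    """Default order for a bare name. cwd_in_search=False models a process
    that removed the current directory, as SetDllDirectory("") does."""
    order = [("application", app_dir), ("system", system_dir),
             ("windows", windows_dir)]
    if cwd_in_search:
        order.append(("current", cwd))
    order.extend(("path", d) for d in path_dirs)
    return order


def resolve(dll_name, order):
    """Return (kind, full_path) of the first directory holding the name."""
    for kind, directory in order:
        hit = find_in_dir(directory, dll_name)
        if hit:
            return kind, hit
    return None, None


def audit(dll_names, order):
    """Map each name to (kind, verdict)."""
    findings = {}
    for name in dll_names:
        kind, _ = resolve(name, order)
        if kind is None:
            verdict = "not-found"
        elif kind in TRUSTED_KINDS:
            verdict = "trusted"
        else:
            verdict = "untrusted"
        findings[name] = (kind, verdict)
    return findings


def flagged(findings):
    """Names that load from a location the user did not install."""
    return sorted(n for n, (_, v) in findings.items() if v == "untrusted")


def demo():
    """Build a constructed directory layout and audit it twice."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {}
        for name in ("app", "system32", "windows", "share"):
            dirs[name] = os.path.join(root, name)
            os.mkdir(dirs[name])

        def touch(where, filename):
            open(os.path.join(dirs[where], filename), "wb").close()

        touch("app", "helper.dll")        # shipped with the program
        touch("system32", "KERNEL32.DLL")  # system library, upper-case on disk
        touch("share", "helper.dll")      # shadowed by the application copy
        touch("share", "plugin.dll")      # exists only beside the document

        names = ["helper.dll", "kernel32.dll", "plugin.dll", "absent.dll"]
        common = dict(app_dir=dirs["app"], system_dir=dirs["system32"],
                      windows_dir=dirs["windows"], cwd=dirs["share"],
                      path_dirs=[])
        return {
            "default": audit(names, build_search_order(**common)),
            "hardened": audit(names, build_search_order(cwd_in_search=False,
                                                        **common)),
        }


if __name__ == "__main__":
    for mode, findings in demo().items():
        print(mode, findings, "flagged:", flagged(findings))
```

Only the name that is missing from every trusted directory falls through to the current directory, which is why optional or legacy DLLs are the ones to look for when auditing an application.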
Aug 25, 2010 10:51 PM
#63
Malicious spammers launch major fake anti-virus attack

SophosLabs's worldwide network of email-monitoring stations has seen a tidal wave of malicious messages being spammed out with an attachment that redirects users' web browsers to a fake anti-virus attack.

The emails have subject names such as:

* Parking Permit and/or Benefit Card Order Receipt - <random number>
* You're invited to view my photos!
* Appointment Confirmation
* Your Bell e-bill is ready
* Your Vistaprint Order Is Confirmed
* Vistaprint Canadian Tax Invoice (<random number>)

By sending emails that pose as credit card charges and free-to-view holiday snaps from Bermuda, it wouldn't be any surprise at all if some users clicked on the attached files (which go by names such as Benefit Card Order Receipt.html, Print this album.html, Appointment Confirmation.html, e-bill.html, Vistaprint Order Invoice.html, and Tax Invoice.html).

Opening the attached HTML file, however, redirects your web browser to a hacked website containing a malicious iFrame. This, in turn, loads scripts from other websites that load a fake anti-virus attack.

So, in this attack, the hackers are using a mixture of human gullibility, poorly protected websites, and the tried-and-trusted trick of scaring users into believing that they have security problems on their PC to con them into downloading more dangerous software or handing over their credit card details.

Source: Graham Cluley, Sophos Weblog
Aug 25, 2010 10:54 PM
#64
Apple issues PDF security patch and other Mac OS X updates

Apple has patched a number of security holes in its Mac OS X operating system, including fixes for vulnerabilities that could be exploited by malicious hackers.

Vulnerabilities covered by this latest update include security holes which cybercriminals could exploit with maliciously-crafted embedded fonts, PDFs and PNG files. More details on the vulnerabilities covered by Apple's 84MB of security goodness are included in their security advisory, and it's clear that Mac OS X users would be wise to apply the security patch as soon as possible.

It's important that Mac users realise that they aren't protected by magic, and the fact that Apple regularly issues security updates reflects that owners of their computers have to be security-savvy just like Windows users. Yes, there may be less malicious attacks against Apple Mac computers but that doesn't mean there are no attacks.

Security Update 2010-005 can either be installed via the automated Software Update process, or downloaded directly from Apple's website.

Source: Graham Cluley, Sophos Weblog
Aug 30, 2010 7:52 PM
#65
Outbreak: Fake Fedex Tracking Number emails carry malware

Cybercriminals have spammed out a widespread email attack, distributing malware in messages pretending to come from Fedex. The emails, which have subject lines beginning "Fedex Tracking number" followed by a random reference number, pretend to come from named personnel inside "Fedex Support" and claim that the company was unable to deliver a package on the 27th of July.

Other emails being sent in the attack use a subject line of "Fedex Invoice copy" and "Fedex Item Status", both followed by a random reference number.

Unlike many of the other Fedex-related malware attacks we have seen in the past, the emails carry the message about the failed delivery in the form of an image rather than text - possibly in an attempt to try and defeat more rudimentary anti-spam filters.

Attached to the emails is a file called FEDEXInvoiceEE<random number>OP.zip

Of course, Fedex has no connection with this malware campaign, beyond having its brandname tarnished by the hacking gang.

Source: Graham Cluley, Sophos Weblog
Aug 30, 2010 8:01 PM
#66
Girl who had sex with 5000 men exploited by sleazy Facebook scammers

Earlier this month, the (appropriately named) Daily Mail ran a story about a British woman who claims to have slept with 5000 men over the course of the last nine years. So far, so tabloid.

If you visit the "Girl who had sex with 5000 men" Facebook page you are first presented with a "Security Check" which asks you to confirm that you are over 18 years of age because some of the content may contain "shocking graphics, nudity or disrespect other individuals."

From the look of the warning you may imagine it is a real Facebook warning - but it isn't theirs. It belongs to the people who are attempting to trick you into liking the page and - presumably - they believe a warning about the possibly salacious nature of the following content may encourage you to venture further into their web.

The next warning goes one stage further, claiming to be a means of checking whether you are a spam bot or not.

In fact, unbeknownst to you, if you click on the numbers in the order that the warning suggests you are being invisibly clickjacked. The clickjacking attack secretly updates your Facebook profile to say that you like the page, as well as another one entitled "Why are you complaining about pervs adding you if you have slutty pictures?" Thousands of people have already "liked" the pages.

And do you get to see any material that contains "shocking graphics, nudity or disrespect other individuals"? Nope. Well, not unless you believe that original Daily Mail news report to be disrespectful.

Scams like this are designed to get you to forward links to your friends, and encourage others to join groups and pages. Of course, once a large audience has been built up by the scammers they can use it for mischievous ends, or potentially send out a dangerous link or update designed to compromise your computer or earn money from your poor security.

Source: Graham Cluley, Sophos Weblog
Aug 30, 2010 8:07 PM
#67
iPad and iPhone 4 tester scams hit Facebook

Can you really get a free iPad 3G or iPhone 4 by signing up just to be a tester? It sounds too good to be true, doesn't it? And it is. But, like me, you may have seen users on Facebook who appear to be promoting special deals which offer just that.

Here's an example of a typical iPad tester scam that has been seen many times on Facebook in the last few days:

Heyyyyy everyone )), 3 days ago I signed up at [website link] as a tester and today I got my iPad. All you need to do is to tell them your opinion about iPad and you can keep it forever. You should hurry since i highly doubt this is gonna last forever

And here's an example of a similarly-worded iPhone 4 tester scam:

Hey, 3 days ago I signed up at [website link] as a tester and today I got my iPhone4g. All you need to do is to tell them your opinion about iPhone 4g and you can keep it forever. You should hurry since i highly doubt this is gonna last forever

Many of these messages are appearing on users' photo walls.

And no, you're not going to receive a free iPad or iPhone 4. Sorry.

If you've found messages like these on your Facebook profile or in your photo galleries, remove them immediately and change your passwords. You would also be wise to have a thorough overhaul of your privacy and account settings - to make sure that they're secure enough. If you see applications or "likes" of pages that you are uncertain about, remove them from your account.

And, don't forget, now would be a very good time to do a virus-scan with an up-to-date anti-malware product - just in case there's some spyware lurking on your computer which is trying to grab your account details.

Source: Graham Cluley, Sophos Weblog
Aug 31, 2010 8:03 PM
#68
Shocking hidden message on Coca-Cola logo, and other Facebook scams

Once the bad guys have tricked you into adding a rogue application to your Facebook account, don't be surprised if they use it to spread more of their scams. Here's an account which suddenly started advertising a scam page, even though its user hadn't logged in for some time. In other words, they hadn't been socially engineered or clickjacked into posting this message:

The SHOCKING hidden message on Coca-Cola logo! I cant BELIEVE this Revealed

Some other versions give the so-called hidden message a devilish spin:

SHOCKING SATANIC Message In The Coca Cola Logo

If you see one of your Facebook friends post a message like this, and click on the link you'll be walking into a trap yourself and could soon be spreading the dodgy links to your online pals as well.

And it's not just hidden messages in Coca-Cola logos. The same Facebook users are being used to spread messages about:

Girl captured DEAD on Google Street View Captured by Google

and

99 facts Guys wish Girls knew! <3 These are the 99 things all Girls MUST know about guys. These facts are 100% true and absolutely SHOCKING!!!

If you've been hit by such an attack - check that your profile no longer "like"s any of these pages, and remove the right of suspicious applications to access your account. It also may be time to choose another password - make sure it's a strong one.

Source: Graham Cluley, Sophos Weblog
Aug 31, 2010 8:08 PM
#69
Fake TweetDeck update preys on Twitter users

It appears that at least one bunch of criminals weren't resting on their laurels as they spread links pointing to what they claimed was an update to the popular Twitter client, TweetDeck during the Bank Holiday weekend.

* Hurry up for tweetdeck update!
* Update TweetDeck! Bank Holiday
* Critical tweetdeck update Bank Holiday
* Sorry for offtopic, but it is a critical TweetDeck update. It won't work tomorrow!

The tweets are being posted from hacked Twitter accounts, and do not link to a legitimate update for TweetDeck. Instead, unsuspecting users are putting themselves at risk of infection by a Trojan horse.

It's possible that the malicious hackers who spread the attack are taking advantage of Twitter ceasing support for basic authentication in their API today, meaning users have to be using a Twitter client which uses OAuth. Regarding this particular attack, Twitter says it is resetting the passwords of accounts that it has seen distributing the dangerous link.

It's curious seeing the mention of the Bank Holiday in the malicious tweets, how many people outside the UK were aware it was a public holiday here yesterday? TweetDeck itself is a British company, and mention of the Bank Holiday might lead one to suspect that the bad guys behind this attack are also based in the UK.

This isn't the first time that the folks at TweetDeck have found themselves in the gunsights of the bad guys. Earlier this month they warned that a fake TweetDeck app had been uploaded to the Android Market.

Source: Graham Cluley, Sophos Weblog
Sep 1, 2010 7:50 PM
#70
I Don't Care button spam on Facebook

It's possible that some of you are finding the seemingly endless wave of spammed-out scams on Facebook rather predictable. Clearly they must be working for the bad guys, though. Otherwise, why would they be putting effort into creating new variants of the scams to outsmart Facebook users into passing them on?

Here's one of the latest - which claims to be something that many Facebook users would want - an "I Don't Care Button".

Finally!..The I Dont Care Button Is Here! Get It Now For Free... The I Don't Care Button Is Here Get It Now And Show That You Don't Care! 96% Wanted This and Now Its Here!.

If you were eager to show your general meh-ness about someone's post on Facebook you might be keen for an "I Don't Care" button, but clicking on the link takes you to a familiar-looking webpage which encourages you to "like" it and share the link with your friends, before you will be given anything else. A clear reason to be suspicious.

After all, it was just last month that we saw the "Dislike button" scam spreading virally across Facebook. DownloadSquad wrote back in April about a genuine "I Don't Care" button available in the form of an extension for the Google Chrome browser, but there's no official "Dislike" or "I Don't Care" option within Facebook.

Don't make life easy for the scammers, and refuse to help them take advantage of your Facebook account. Always question what you are "liking" and "sharing" with your online friends.

Source: Graham Cluley, Sophos Weblog
Sep 2, 2010 5:57 PM
#71
FakeAV, now with sounds

Recently, creators of Fake Anti Virus software have been getting quite creative and somewhat “professional” in designing the look and feel of their fake software. Now, they come with sounds.

Whenever the malware does a fake scan and finds something wrong with the user’s computer, a lady’s voice (in typical GPS style, I might add) booms out “New virus found!!”

If that’s not irritating enough, you get to hear her sweet voice again when she pesters you to “Please activate your Antivirus software”.

But don’t let her melodious voice fool you; she’s certainly out to get you.

Source: Sophos Weblog
Sep 6, 2010 5:51 PM
#72
Kirstie Allsopp's Twitter account hacked by iPad spammers

Plummy-voiced property crumpet Kirstie Allsopp has fallen foul of hackers on Twitter, who posted messages pointing to free iPad scams this weekend from her account. The British TV presenter, best known for her Channel 4 property programmes "Location, Location, Location" and "Kirstie's Homemade Home", only found out that her account had been hacked when some of her 47,000 Twitter followers alerted her to the out-of-character tweets.

The links took unsuspecting fans to webpages which encouraged them to apply for free iPads by handing over personal information and signing up for scams that charged £4.50 per week.

Kitten-heeled Kirstie had deleted all of the offending tweets from Twitter by the time I went looking for them this morning, but I managed to track down two examples that had been cached elsewhere:

free ipads!!! [link removed]

omg free ipad, witha train skin =D [link removed]

You'll notice that the spam messages say that they were sent "via web", suggesting that it wasn't a third-party application or linked website that was used to send the messages. The most likely conclusion is that Kirstie Allsopp's Twitter password was stolen via phishing or spyware infection on her computer, or that she was using the same password on multiple websites - which is never a good idea.

Kirstie says that she has now changed her Twitter password (hopefully she wasn't using the old one on anywhere else on the net), and deleted the iPad-related messages. To my mind she would also be sensible to scan her computer with an up-to-date anti-virus product too.

Other celebrities who have had their Twitter accounts hacked include Axl Rose, politician Ed Miliband and Britney Spears.

Remember, you should always choose a non-dictionary word that's hard to guess as your Twitter password, and never use the same password on multiple websites.
Also, be on your guard against phishing sites and ensure that your computer is running up-to-date anti-virus software to protect against keylogging spyware which may attempt to steal your information. Finally, consider carefully which third-party applications and websites you allow to connect with your Twitter account.

Source: Graham Cluley, Sophos Weblog
Sep 6, 2010 5:57 PM
#73
Survey stuff worm spreads across Facebook

Have you seen messages like these being posted by your Facebook friends?

I thought this survey stuff was GARBAGE but i just went on a shopping spree at walmart thanks to FB = <link> , this wont last long so gooo!

I thought this survey stuff was BULL** but i swear I just used the Best Buy giftcard they sent me here <link> to buy a laptop!

In the examples, the messages have one thing beyond their wording in common - they're all posted "via Mobile Web", suggesting that the posts (which weren't made by your friends, just in case you were still in any doubt) may be using a common vulnerability.

What's interesting is that the application's name seems to change each time. That obviously makes it harder to tell users what to look out for, but potentially could also make it more tricky for Facebook's security team to shut down.

Facebook's security team may already be on to it - all of the links clicked on so far have been blocked. But, if there is an unpatched vulnerability which scammers are exploiting, it's possible we might see a renewed attack wearing a different disguise in the near future.

What's worrying is that our friends at All Facebook report that the worm can automatically post to your wall and message your friends - helping it to spread virally.

Source: Graham Cluley, Sophos Weblog
Sep 7, 2010 6:17 PM
#74
Phishers exploit HMRC tax error refund in UK

Tax authorities in the UK are contacting millions of people, telling them that they have paid the wrong amount of tax. As the BBC reports, the mistakes in tax payment calculations have been uncovered following the introduction of a new computer system. So, it's good news for some (who will be receiving an unexpected windfall in the form of a tax rebate) and bad news for others, who will find that they are being asked to make uncomfortable additional payments to the HMRC.

But if you think you had enough to worry about with the possibility of an unexpected extra tax demand, UK internet users are also at risk as scammers exploit the confusion.

Part of the email reads:

Following an upgrade of our computer systems and review of our records we have investigated your payments and latest tax returns over the past years, our calculations show you have made over payments of 317.66GBP

Due to the high volume of refunds you must complete the online application. Your refund may take up to 6 weeks to process please make sure you complete the form correctly.

In order to process your refund you will need to complete the attached application form.

Attached to the email is a file called Refund-Form.zip, which contains an HTML file called Refund-Form.htm which asks for information including your credit card details, full date of birth, and mother's maiden name.

If you do make the mistake of filling in the form, your confidential data is uploaded to a Chinese server. You're not going to receive a windfall because of this form - you've just been phished.

The real HMRC website contains advice about scams like this, and clearly states that they would never inform customers of a tax rebate via email, or invite them to complete an online form to receive a rebate of tax.

You have been warned - don't let your eagerness for a tax refund lead to you throwing caution to the wind.

Source: Graham Cluley, Sophos Weblog
Sep 8, 2010 7:40 PM
#75
New Vulnerability discovered in Adobe Reader and Acrobat

A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

There is one big difference between this vulnerability and others recently patched in Reader. The last few advisories were actually flaws in Adobe Flash and you could disable the ability to render Flash in Reader to once again mitigate against the flaws.

Few details are known for this current vulnerability, so please do not open any PDF files that are suspicious or files that you are not expecting to receive. Also, do update your anti-virus software to get the latest anti-virus/malware heuristics.

Source: Adobe, Sophos Weblog
Sep 14, 2010 9:51 PM
#76
Free Facebook Credits? It's another scam spreading virally

Scam messages appearing to offer free Facebook credits are being seen on Facebook. Here's an example:

Want Free Facebook credits go to <link>

Free Faceebook credits

Want free facebook credits?

(Note that they spell Facebook incorrectly in many of the examples as "Faceebook")

Facebook Credits are the currency used on Facebook to buy virtual goods inside games and applications on the Facebook platform. Normally you purchase them with your credit card or PayPal, but clearly there are plenty of Facebook fanatics who would love to receive them for no charge.

So, it's not a surprise that some users are clicking on the link offering free Facebook credits, and being taken to the following Facebook page.

As we've seen in the past, this Facebook page has been created with the intention of getting users into publicising the link to their other Facebook friends.

The page uses a clickjacking technique, whereby clicking on the red and blue boxes will actually invisibly update your Facebook profile with references about how to get free Facebook credits.

If you do agree to click on the red and blue boxes, you'll be taken to a page not hosted on the Facebook website (but amateurishly pretending to be a legitimate Facebook page) still claiming to offer free Facebook credits.

But if you persist, and continue to click on the links you will find that you are visiting webpages that ask you to sign up for a rewards program or take online surveys. The scammers behind the Facebook Credits messages earn 50 cent commission for every person that enters their information and verifies their email address, and another 50 cents for every person that completes an offer.

Have you received any more Facebook credits after all this? Sadly, no. But your profile has been updated - in order to advertise the scam further.
Check your Facebook profile, and remove references to the Free Facebook credits offer from your feed, unlike the page, and be more cautious in future.

Source: Graham Cluley, Sophos Weblog
Dec 11, 2010 9:30 PM
#77
Tests Show Consumer Antivirus Programs Falling Behind

The latest tests of consumer antivirus software released on Tuesday show the products are declining in performance as the number of malicious software programs increases, a trend that does not bode well for consumers.

NSS Labs tested 11 consumer security suites and found that the products are less effective than a year ago as far as blocking the download and execution of malicious software programs. The company also tested if those programs detected and blocked malicious Web sites. In its tests, the company used new malicious Web sites within minutes of discovery in addition to brand-new malware, which it contends is indicative of the conditions that users would find while browsing the Internet.

The download and execution blocking rate for the top performing product, Trend Micro's Titanium Maximum Security, fell from 96.4 percent to 90.1 percent from the third quarter of 2009 to the same period this year. Coming in at number two was McAfee's Internet Security at 85.2 percent, followed by F-Secure Internet Security 2010, 80.4 percent; Norman Security Suite, 77.2 percent; Sunbelt VIPRE Antivirus Premium 4, 75.3 percent; Microsoft Security Essentials 2, 75 percent; Panda Internet Security 2011, 73.1 percent; Symantec Norton Internet Security 2010, 72.3 percent; Kaspersky Internet Security 2011, 71.3 percent; Eset Smart Security 4, 60 percent; and AVG's Internet Security 9, 54.8 percent.

All of the rates were lower except for two products: McAfee's Internet Security and F-Secure's Internet Security 2010, which upped their detection and blocking rates by 3.6 percent and .4 percent respectively. The biggest drop occurred for AVG's Internet Security 9, which fell 18.5 percent, and Kaspersky's Internet Security 2011, which fell 16.5 percent, according to NSS Labs.
"Perhaps surprisingly, Microsoft Security Essentials -- a free product -- ranked higher than half of the competition (paid products), including Symantec's market leading product," according to the report.

But overall, the results create a dimmer picture for people's chances of keeping their PC free of malware. The tested security products haven't necessarily fallen in quality, but rather the threats are evolving at a rapid pace, said Rick Moy, president of NSS Labs. "It is a cat and mouse game," Moy said. "The bad guys basically are getting smarter. At any given point, the antivirus products have to catch up."

NSS Labs is an independent security software company that does not accept vendor money for performing comparative evaluations. Although it normally sells its reports, the company released the consumer anti-malware test results to the public for free.

The company also tested the suites' effectiveness against client-side exploits, which are specially crafted code sequences that unlock a vulnerability in a software application, such as a Web browser or PDF viewer. An exploit is then used to deliver malicious software to the computer, which can then be used to steal data, send spam or join the computer into a botnet, or a network of compromised PCs.

NSS Labs found in the latest tests that cybercriminals have an astounding 25 to 97 percent chance of a successful attack using client-side exploits against the 11 security suites. The company's researchers used penetration tools such as Metasploit to test how well the suites were able to detect 118 client-side exploits, including ones used to deliver malicious software programs such as the online banking malware Zeus and Stuxnet, a program that manipulates SCADA (supervisory control and data acquisition) systems made by Siemens.

Many security software suites have a heavier focus on detecting the malware that is delivered rather than the means by which it is delivered, which is the exploit.
But it is still a very important measure of the strength of the security software.

F-Secure's Internet Security 2010 product and Kaspersky's Internet Security 2011 proved the best, detecting 74.6 percent of the 118 client-side exploits. Third place went to McAfee's Internet Security at 72.9 percent and then followed in order by Symantec Norton Internet Security 2010 at 64.4 percent, Microsoft Security Essentials 2 at 60.2 percent, ESET Smart Security 4, 44.1 percent; Norman Security Suite, 25.4 percent; Trend Micro Titanium Maximum Security, 18.6 percent; AVG Internet Security 9, 15.3 percent; Panda Internet Security 2011, 10.2 percent; and then finally Sunbelt VIPRE Antivirus Premium 4, 3.4 percent.

Source: The New York Times
Dec 18, 2010 12:10 AM
#78
Gawker tech boss admits site security was crap

Gawker Media plans to overhaul its web infrastructure and require employees to use two-factor authentication when accessing sensitive documents stored online, following an embarrassing attack that completely rooted the publisher's servers.

The publisher of Gawker, Gizmodo, and seven other popular websites also plans to, gasp, mandate the use of secure sockets layer encryption for all users with Gawker Media accounts on Google Apps, according to a memo written by Gawker tech boss Tom Plunkett and published Friday by The Next Web. The company-wide message conceded a point first made by the perpetrators of the hack: That Gawker Media's security was utter crap.

“It is clear that the Gawker tech team did not adequately secure our platform from an attack of this nature,” Plunkett wrote. “We were also not prepared to respond when it was necessary.”

Indeed, security researchers who examined the web platform's source code were amazed at just how poorly the site was put together. “Having looked at the Gawker PHP source, I'm shocked it hasn't happened sooner,” Mike Bailey, who specializes in web-application security, recently tweeted. “Test code all over the place, bugs galore.”

“Gonna go ahead and make a prediction: Nothing short of a full site rewrite is going to keep Gawker online at this point,” he said in another message.

Another amateur goof was the use of DES, or Data Encryption Standard, to protect some 1.5 million account passwords despite long-known weakness in the hashing algorithm. As a result, the attackers were able to retrieve the first eight characters of plaintext for each one.

Plunkett also laid out plans for disposable reader accounts that could be dumped at any time and said that the publisher would no longer store email addresses and other reader data.
“On all of our sites, we will be introducing several new features to our commenting system to acknowledge the reality that we have lost the commenters' trust and don't deserve it back,” he wrote. “We should not be in the business of collecting and storing personal information, and our objective is to migrate our platform away from any personal data dependencies (like email & password).”

Source: The Register
Feb 6, 2011 9:31 PM
#79
Facebook stalkers and profile creeps - rogue apps spread virally

Many Facebook users have contacted the Naked Security team this weekend, reporting that they have fallen victim to a fast-spreading scam that claims you can find out who is stalking you on Facebook and viewing your profile.

Judging by the number of messages posted on the site, the scam spread hard and fast affecting many users. And although Facebook's security team appears to have been mopping up the mess, and removing the rogue applications and messages, there's always the chance that it will resurge in a slightly different form before too long.

One of the most commonly seen scam messages read:

I just saw who STALKS me on Facebook! You can see who creeps around your profile too! [LINK]

Clicking on the link would take you to a rogue application, that claimed it would tell you who was viewing your Facebook page.

If you approved the subsequent request for the application to be able to access your profile, your own Facebook account would publish the scam link, passing it virally onto your Facebook friends.

The purpose of the scam and the reason why the bad guys wanted it to spam out so quickly? Every user is requested to fill in a survey, which generates money for the scammers behind the scheme.

So, here's an important message for all Facebook users. There's no way for you to find out who has been viewing your Facebook profile, or your total number of Facebook profile views, and Mark Zuckerberg isn't asking you to verify your account either.

Source: Graham Cluley, Sophos Weblog