Feeling Conflicted about Conficker?, (Tue, Mar 31st)
In just a few minutes it will be April 1st at the International Date Line. Over the next 24 ho ...(more)...
DHS Releases Conficker Worm Detection Tool (E-Week Security)
Conficker: What It Is, How To Stop It, and Why You May Already Be Protected (E-Week Security)
April Fools Conficker Virus Removal (FOX 7 Austin) (Yahoo News)
Group Takes Conficker Fight to a New Level (PC World) (Yahoo Security)
Google: Spammers Rally Back From McColo Shutdown (E-Week Security)
Asia, Europe, S. America Biggest Conficker Targets (SecurityFix Blog)
A Message For Your IT Director About the Conficker Worm (PC World) (Yahoo Security)
Fake Security Software Scammers Jump on Conficker (PC World) (Yahoo Security)
April Fools' Virus Help, Removal Links (FOX News Chicago) (Yahoo News)
Restore Access to Blocked Sites on Conficked Systems
By Rik Ferguson on worm_downad
As has been previously noted on this blog and many others over the past few weeks, a machine infected with Downad/Conficker will not be able to access many of the domains which can assist in the cleanup of the infection. So, in anticipation of the “Impending Technological Apocalypse™”, Trend Micro is pleased to bring you a [...]
Poisoned Downad/Conficker Removal Searches…
By Rik Ferguson on worm_downad
Reminder: For a FREE tool to remove Conficker (and every other malware in the current pattern file) use Trend Micro’s SysClean available here. As soon as the good news breaks that it is possible to use tools such as the network scanning tool nmap to search for machines infected by Downad/Conficker, then the malicious SEO work starts. If you [...]
Attack Of The Mini-Botnets
Smaller, specialized botnets target enterprises and data theft
Despite Hype, Security Pros Not Panicked About External Threats
Despite hype around worms and viruses, most security pros still not overly concerned about external attacks
New Free Scanners Available For Detecting Conficker Worm Infections
Researchers build network scanner to detect Conficker
winAUTOPWN - Windows Autohacking Tool
By Darknet on windows-exploit
winAUTOPWN is a TooL to Autohack your targets with least possible interaction. The aim of creating winAUTOPWN is not to compete with already existing commercial frameworks like Core Impact (Pro), Immunity Canvas, Metasploit Framework (freeware), etc. which offer autohacks, but to create a free, quick, standalone application which is easy to use...
Read the full post at darknet.org.uk
By Darknet on windows-exploits
Finally Microsoft is doing something proactive and perhaps even slightly ahead of the game, a real game-change for the security community. They have released a new AND open-source tool to make debugging easier, it gives developers a lot of help during the release cycle to build more secure software. Mostly because it takes the legwork and [...]
Cyber war: Army says its systems are hack-proof
Posted by InfoSec News on Apr 1
http://timesofindia.indiatimes.com/India/Cyber-war-Army-says-its-systems-are-hack-proof/articleshow/4336279.cms
Times of India
31 March 2009
NEW DELHI: The Army is geared up for skirmishes in the digitised
battlefield as well. The force is quite confident that its information
systems are...
Posted by InfoSec News on Apr 1
Forwarded from: jmoss <jmoss (at) blackhat.com>
[PGP signature likely munged from copy and paste. - WK]
Hey InfoSec readers,
I am proud to announce that the audio and video from BH USA 2008 is now
available for free download, and is in several formats, the first of
which is a large,...
Posted by InfoSec News on Apr 1
http://www.washingtonpost.com/wp-dyn/content/article/2009/03/31/AR2009033103684.html
By Joby Warrick and Walter Pincus
Washington Post Staff Writers
April 1, 2009
Key lawmakers are pushing to dramatically escalate U.S. defenses against
cyberattacks, crafting proposals that would empower...
Posted by InfoSec News on Apr 1
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9130827
By Jaikumar Vijayan
March 31, 2009
Computerworld
A Kaiser Permanente hospital located in a Los Angeles suburb has fired
15 employees and reprimanded eight others for...
Posted by InfoSec News on Apr 1
http://www.networkworld.com/news/2009/033109-ultradns-service-attacked.html
By Carolyn Duffy Marsan
Network World
03/31/2009
NeuStar confirmed that its UltraDNS managed DNS service was knocked
offline for several hours Tuesday morning by a distributed denial of
service attack.
``Early...
Symantec warns customers after call center theft
Posted by InfoSec News on Mar 31
http://www.networkworld.com/news/2009/033009-symantec-warns-customers-after-call.html
By Robert McMillan
IDG News Service
03/30/2009
Symantec is warning a small number of customers that their credit card
numbers may have been stolen from an Indian call center used by the
security...
Posted by InfoSec News on Mar 31
Forwarded from: Elizabeth Lennon <elizabeth.lennon (at) NIST.GOV>
ITL BULLETIN FOR MARCH 2009
THE CRYPTOGRAPHIC HASH ALGORITHM FAMILY: REVISION OF THE SECURE HASH STANDARD
AND ONGOING COMPETITION FOR NEW HASH ALGORITHMS
Shirley Radack, Editor
Computer Security Division
Information...
Posted by InfoSec News on Mar 31
http://news.cnet.com/8301-1009_3-10207375-83.html
By Elinor Mills
Security
CNet News
March 30, 2009
Even worm creators write buggy software.
Once it infects a computer, the Conficker worm closes the hole in
Windows that it used to get onto the system so no other malware can get
in. This...
Posted by InfoSec News on Mar 31
Forwarded from: Dancho Danchev <dancho.danchev (at) gmail.com>
Excerpt : "Earlier this month, the controversial BBC purchase of a
botnet and modifying the infected hosts in the name of “public interest”
sparked a lot of debate on the pros and cons of their action. Condemned ...
Posted by InfoSec News on Mar 31
http://blog.wired.com/27bstroke6/2009/03/former-teen-sto.html
By Kevin Poulsen
Threat Level
Wired.com
March 30, 2009
A former teenage hacker who served prison time for an online
stock-trading scheme is back in jail again, after allegedly gaining
administrative access to a New York-based...
Posted by InfoSec News on Mar 31
http://gcn.com/articles/2009/03/30/cyber-defense-competition.aspx
By William Jackson
GCN.com
March 30, 2009
It wasn’t all bad news for the University of Pittsburgh over the
weekend.
“I’m happy to say Pittsburgh fared far better in the Regional Collegiate
Cyber Defense Competition...
Posted by InfoSec News on Mar 31
Forwarded from: Leandro Malaquias <lm.net.security (at) gmail.com>
Hey folks,
This year on DSF 2nd edition two great workshops are available.
http://www.digitalsecurityforum.eu/index.php/workshops/
1- ModSecurity Rules with Mr. Christian Bockermann
2- Low-level code development with...
Junk mail strikes back
If you've noticed a spike in the amount of spam you're receiving, you're not alone. According to an analysis by Google, the volume of junk mail has returned to levels not seen since November, when host provider McColo was disconnected.…
Security in 2009, the expert view
Audio with slides attached
Episode 4 In the fourth in our series of Regcasts assessing the state of the IT security market, our expert panel consider what lies ahead for 2009.…
Convicted Trojan author in new hacking charge
Back before the beak
A former hacker who went to prison as a teenager over a stock-trading scam is back in trouble with the law.…
EU tells members to get ready for disaster
Which disaster were you thinking of?
The EU is pushing the development of a strategy to protect Europe from cyber-attacks and disruptions.…
Scareware scammers latch onto Conficker hype
Sysadmins served poisoned searches
Scammers are taking advantage of the huge interest in the impending "activation" of the Conficker superworm by poisoning search engine results.…
Facebook Fixes User Email Address Leakage
By Robert A. on IndustryNews
"Previously, when people typed in a legitimate e-mail address on Facebook's password reset page they got a message either saying that their password had been reset or that an e-mail with instructions on how to reset the password had been sent to their e-mail account, thus providing verification that the e-mail...
The Safe Math Library
By Robert A. on IndustryNews
"The Safe C Library implements a subset of the functions defined in the ISO TR24731 specification which is designed to provide alternative functions for the C Library (as defined in ISO/IEC 9899:1999) that promotes safer, more secure programming in C. To recap: The Safe C Library (available for download here) provides...
Conficker.C Over The Wire
By Ravi Balupari on Conficker.C
A lot has already been written about Conficker. There have been excellent analysis reports published by SRI, The Honeynet Project and others. Vinay Mahadik and I would like to present some findings on the network aspects of the Conficker.C behavior. We set up a small testbed that had a machine infected with Conficker.C in a controlled environment; and [...]
Conficker Activation On April 1st
By Shinsuke Honjo on Uncategorized
Hello, it is now April 1st for at least Asia Pacific and Europe. We’ve been blogging and posting various resources about ways to protect against the Conficker worm up to its “activation day”: “More Comments Regarding Conficker”, “W32/Conficker: Much Ado About Nothing?”. The day has finally arrived. McAfee Avert Labs has been closely monitoring Conficker-related threats and we haven’t observed any [...]
Message in a Malware
By Karthik Raman on Malware Research
We often see messages from malware authors in the malware that we analyze. And, strangely, unlike the theme of The Police’s hit song “Message in a Bottle,” these are never expressions of love. On the contrary, they’re usually offensive. Backdoor-DOQ is a backdoor Trojan. A variant that we analyzed last week would, among other things, establish a [...]
The most common vulnerabilities used by malevolent URLs in China
By Yang Zhang on Vulnerability Research
Every day there are thousands of websites that have been injected with malicious code and there are millions of hosts that have been infected by malware from these malevolent URLs. The main vulnerabilities lately are Windows-based as well as third-party application issues. This blog will introduce the most common vulnerabilities used by malevolent URLs in China [...]
Another Day, Another Rogue Security Program
By Karthik Raman on Malware Research
There is really no scarcity of spurious security programs. Almost daily, we see programs that pretend to be security programs but in reality are malicious. They display messages about system compromise and attempt to frighten users into purchasing some other malicious program to prevent the compromise. Or worse. While displaying fake messages about system compromise [...]
Brief: Spam back up to pre-McColo levels
Brief: Academics peer inside cyber espionage net
Cybersecurity hearing highlights inadequacy of PCI DSS
By Robert Westervelt
Lawmakers call the PCI standard lacking and seek significant improvements to the payment processing infrastructure to improve security.
Mass., Nev. data protection laws wrong, ineffective
By Eric Ogren
Government should consider extending existing frameworks for fraud, trespassing and trafficking across state and national borders, not legislating technology, explains Eric Ogren.
Scalable Infrastructure vs Large Problems, or OpenDNS vs Conficker
By Richard Bejtlich
After seeing Dan Kaminsky's talk at Black Hat DC last month, I blogged about the benefits of DNS' ability to scale to address big problems like asset management records. I've avoided talking about Conficker (except for yesterday) since it's all over the media.
Why mention DNS and Conficker in the same post? All of the commotion about Conficker involves one variant's activation of a new domain generation algorithm on 1 April. Until today no one had publicly announced the reverse engineering of the algorithm, but right now you can download a list of 50,014 domains that one Conficker variant will select from when trying to phone home starting 1 April. Some of the domains appear to be pre-empted:
$ whois aadqnggvc.com.ua
% This is the Ukrainian Whois query server #B.
% Rights restricted by copyright.
%
% % .UA whois
% Domain Record:
% =============
domain: aadqnggvc.com.ua
admin-c: CCTLD-UANIC
tech-c: CCTLD-UANIC
status: FROZEN-OK-UNTIL 20090701000000
dom-public: NO
mnt-by: UARR109-UANIC (ua.admin)
remark: blocked according to administrator decision
changed: CCTLD-UANIC 20090320144409
source: UANIC
Others appear ready for registration:
~$ whois aafkegx.co.uk
No match for "aafkegx.co.uk".
This domain name has not been registered.
WHOIS lookup made at 00:56:31 31-Mar-2009
Keep in mind that another 50,000 domains will be generated on 2 April, and so on. With such a big problem, what could we do to contain this malware?
OpenDNS is a possible answer:
OpenDNS has kept our users safe from Conficker for the past several months by blocking the domains it uses to phone home...
The latest variant of Conficker is now churning through 50,000 domains per day in an attempt to thwart blocking attempts. Consider this: at any given time we have filters that hold well over 1,000,000 domains (when you combine our phishing and domain tagging filters). 50,000 domains a day isn’t going to rock the boat.
So here’s our update: OpenDNS will continue to identify the domains, all 50,000, and block them from resolving for all OpenDNS users. This means even if the virus has penetrated machines on your network, it's rendered useless because it cannot connect back to the botnet.
That's one advantage of outsourcing your Internet DNS to a third party. They have the resources to integrate the latest threat intelligence and the position to do something to protect users.
This is a great example of scalable infrastructure (DNS) vs large problems (Conficker).
Finally, you've probably heard about the Conficker Know Your Enemy paper and associated upgraded scanning tools, like Nmap 4.85BETA5 and the newest Nessus check. I can't wait to see the results of tools like this. It could mark one of the first times we could fairly easily generate a statistic for the percentage of total assets compromised, similar to steps 8 and 9 from my 2007 post Controls Are Not the Solution to Our Problem. In other words, you can scan for Conficker and determine one score of the game -- the percentage of hosts compromised by one or more Conficker variants. The question is, how long until those controlling Conficker update the code to resist these remote, unauthenticated scans?
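As an added example (not code from Bejtlich's post or from OpenDNS), the following Python sketch shows the two defender-side operations the post describes: a resolver-side policy that refuses to resolve names on a published DGA domain list, and the "score of the game" metric, the percentage of internal hosts seen querying blocked domains, computed from resolver log lines. The blocklist (apart from the two domains quoted in the post) and the log lines are constructed samples, not the real 50,014-domain list or real traffic.

```python
import re
from collections import defaultdict

# Constructed sample of a published DGA blocklist. The first two entries are the
# domains quoted in the post; the rest are made-up stand-ins, not real Conficker domains.
DGA_BLOCKLIST = {
    "aadqnggvc.com.ua",
    "aafkegx.co.uk",
    "example-dga-one.net",
    "example-dga-two.org",
}


def normalize(name):
    """Lower-case and strip the trailing dot so lookups match the list format."""
    return name.rstrip(".").lower()


def is_blocked(qname, blocklist=DGA_BLOCKLIST):
    """True if the query name, or any parent of it, is on the blocklist.

    Checking parents matters: a blocklist keyed on registrable domains must
    still catch a host label queried underneath a listed domain.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return True
    return False


def resolve_policy(qname, blocklist=DGA_BLOCKLIST):
    """Resolver decision: answer NXDOMAIN for listed names, otherwise resolve normally."""
    return "NXDOMAIN" if is_blocked(qname, blocklist) else "RESOLVE"


# Constructed resolver log format (an assumption): "<timestamp> <client_ip> <query_name>"
LOG_LINE = re.compile(r"^(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\S+)$")


def compromise_score(log_lines, blocklist=DGA_BLOCKLIST, threshold=3):
    """Return the percentage of clients that queried at least `threshold`
    distinct blocklisted domains, plus the suspect client list.

    A single hit may be an admin checking a name by hand; a DGA-driven host
    queries many listed domains, so a threshold separates the two.
    """
    blocked = defaultdict(set)
    clients = set()
    for line in log_lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than miscounting
        _, client, qname = m.groups()
        clients.add(client)
        if is_blocked(qname, blocklist):
            blocked[client].add(normalize(qname))
    suspect = {c for c, names in blocked.items() if len(names) >= threshold}
    pct = 100.0 * len(suspect) / len(clients) if clients else 0.0
    return {"clients": len(clients), "suspect": sorted(suspect), "percent": pct}


# Constructed sample log: 10.0.0.5 behaves like a DGA-driven host, 10.0.0.9 made a
# single lookup of a listed domain, and 10.0.0.7 only made ordinary queries.
SAMPLE_LOG = [
    "2009-03-31T00:56:31 10.0.0.5 aadqnggvc.com.ua",
    "2009-03-31T00:56:32 10.0.0.5 aafkegx.co.uk",
    "2009-03-31T00:56:33 10.0.0.5 www.example-dga-one.net.",
    "2009-03-31T00:56:34 10.0.0.7 www.example.com",
    "2009-03-31T00:56:35 10.0.0.9 example-dga-two.org",
    "2009-03-31T00:56:36 10.0.0.7 mail.example.com",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(line, "->", resolve_policy(line.split()[-1]))
    print(compromise_score(SAMPLE_LOG))
```

With the sample log, only 10.0.0.5 crosses the threshold, giving one suspect out of three clients seen.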
Group takes Conficker fight to a new level
Forming a global alliance to fight cybercrime isn't easy, and building an organization that can stay one step ahead of cyber crooks in more than 100 countries is close to impossible. But a band of volunteers calling itself Conficker Working Group thinks it can do it.
Conficker activation passes quietly, but threat isn't over
An expected activation of the Conficker.c worm at midnight on April 1 passed without incident, despite sensationalized fears that the Internet itself might be affected, but security researchers said users aren't out of the woods yet.
Fraud in Canadian firms mostly an 'inside job'
Who is the most likely suspect for fraud in Canadian organizations?
FAQ: Conficker clock ticks toward April 1 deadline
When a computer worm reaches the critical mass necessary to make it onto last Sunday's 60 Minutes, you know it's either a once-in-a-blue-moon threat or something that's been hyped beyond belief.
Cloud computing vendors converge on standard definition, goals
Cloud computing vendors are moving toward a common definition and forming industry groups to collaborate on building cloud technologies.
Spam recovers from a knockout blow
The Internet is now officially as bad as ever, at least as far as spam goes.
Conficker.c infects small number of U.S. PCs, IBM says
Conficker.c may be in headlines around the world, but most of the infected PCs are in Asia and Europe, with fewer than 6% of the total found in North America, a security company said Tuesday.
Legislation would curtail warrantless information demands
Four U.S. congressmen have introduced legislation that would make it more difficult for the U.S. Federal Bureau of Investigation to obtain warrantless subpoenas to get personal information from ISPs, telephone carriers and other businesses.
China denies cyber spy network charges
China on Tuesday denied suggestions it could be involved in a cyberespionage ring that attacked computers worldwide from servers mostly based in the country.
Fake security software scammers jump on Conficker
Google's search rankings are being stuffed with links to fake security software that purports to remove Conficker, a widespread worm that's currently the Internet's number one security threat, but doesn't.
Conficker Set to Strike: Protect Yourself with These Tips
Security watchdogs warn that millions could be affected by the Conficker worm tomorrow - unfortunately this is not an April Fool's Day joke. Over nine million PCs are already infected and a new variant of the virus could threaten those who didn't patch their PCs with the latest security updates.
Cloud Security Alliance formed to promote best practices
Cloud Security Alliance is formed to promote best practices.
What you need to know about the Conficker worm
If you've been paying attention to general computer news, you may have read about the Conficker worm, and what may (or may not) happen to Windows PCs that are infected with Conficker on April 1. The worm has received a lot of attention, leading more than a few Mac users to ask about the worm's impact on OS X. Mac security maker Intego received so many inquiries that the company added a Conficker entry to its blog.
Fidelis spies data leakage via social networking sites
Fidelis Security Systems is looking to help enterprises monitor and block specific content that employees might try to post in social networking arenas.
Defining NAC roles is key
Setting roles is a key part of any NAC deployment to help simplify configuration and management.
Accreditation for IA-related Web sites
Is there any way that a newcomer to information assurance (IA) can receive guidance on the trustworthiness of information about IA posted on the Web? How is a beginner to know whether the site is well researched or whether it should be used primarily as a source of garden fertilizer?
Training needed to quell breaches
As many highly publicized security breaches demonstrate, sometimes the greatest threat to an organization comes from within when well-meaning employees make mistakes such as losing an unencrypted laptop or posting personally identifiable information online.
Researchers exploit Conficker flaw to find infected PCs
Just days before the Conficker worm is set to contact its controllers for new instructions, security researchers have discovered a flaw in the worm that makes it much easier for users to detect infected PCs.
Windows 7 leaks to Web third time this month
Yet another Windows 7 build has leaked to the Web, turning recent appearances of pirated copies into a weekly event on file-sharing sites.
Conficker Worm Is Much Ado About Nothing
Like a C-list celebrity, the Conficker Worm turns out to be all hype and no substance.
Conficker's Zero Hour Arrives Without Event -- Yet
The activation time passes quietly, but Conficker's authors may be biding their time, researchers say.
Conficker Activation Passes Quietly, but Threat Isn't Over
The people behind Conficker may simply be biding their time, researchers said.
Group Takes Conficker Fight to a New Level
With a new and trickier Conficker variant to deal with, a group of volunteers vows to go forward and fight the worm
Conficker Predictions - Doomsday Scenarios for April 1
Conficker spells doom for April 1. Or does it? We ponder whether it's time to stock up on firearms and fresh water and hit the bunker.
IBM: Conficker Infections Low in United States
Most of the infected PCs are in Asia and Europe, with fewer than 6 percent of infections in North America.
Report: HP May Offer Android in Netbooks Over Windows
HP is testing Android but remains undecided on whether to offer it, according to The Wall Street Journal
FAQ: What You Need to Know About Conficker -- Right Now
What do most researchers think will happen when Conficker phones home on Wednesday? Nothing at all.
Playing Go on the Mac
The game of go is a strategic board game invented in China more than 2,000 years ago. It is played on a board with a grid of...
Spam Recovers From a Knockout Blow
Spam volume has bounced back after the November McColo takedown cut it in half
Fedora 11 Beta Posted With New Security, Developer Features
The free Linux OS shows a glimpse of technologies that may end up in a future version of Red Hat Enterprise Linux
Eltima Releases Recover PDF Password
Eltima Software on Tuesday announced the release of Recover PDF Password for Mac OS X. It costs US$40.
DiskTools Pro Offers Hard Disk Repair, Diagnostic Tools
Macware on Tuesday announced the release of DiskTools Pro, a new utility for Mac OS X users that helps to diagnose and repair...
SlickEdit 2009 Debugs Perl, Python, PHP
SlickEdit has announced the release of SlickEdit 2009, a new version of their multi-platform code editor. SlickEdit 2009 costs...
Conficker Set to Strike: Protect Yourself with These Tips and Tools
With the Conficker worm set to strike on Wednesday we offer you peace of mind and ways to protect your digital behind.
China Denies Cyber Spy Network Charges
A network used to attack computers worldwide appears to be based in the country
Fake Security Software Scammers Jump on Conficker
Google's search rankings are being manipulated in order to trick people into downloading bad software
Google Ventures Looks to Invest in Startup Companies
Portfolio companies may be acquired, but that's not the goal, Google says.
What You Need to Know About the Conficker Worm
If you've been paying attention to general computer news, you may have read about the Conficker worm, and what may (or may...
Symantec Warns Customers After Call Center Theft
Around 200 of its customers may have been affected by a data theft incident reported last week
US Convicts First Foreigner of Phishing
Extradited in late 2007, a 23-year-old Romanian man received a four-year sentence
Conficker: Getting the Last Laugh
Analysis: Will Conficker set off massive viral destruction, or have we all been (April) fooled?
The Gh0st RAT in the Machine
Analysis: Are Chinese spies coming to a PC near you?
Are game accounts getting stolen? Really?
Symantec surveys gamers to find out, the European Network and Information Security Agency publishes a report about risks in Massively Multiplayer Online/Virtual Worlds and we take a look at what can happen when a member of your guild uses the wrong antivirus.
FBI: Internet Fraud Complaints up 33 Percent in 2008
With attackers becoming more sophisticated, Internet crime complaints have jumped
Symantec Comments on PIFTS.exe
There have been a few questions around PIFTS.exe in the past 24 hours. What is it? Where did it come from? Is it safe? How is Symantec addressing it? Here we continue to address this diagnostic patch that Symantec released yesterday and why it caused such a stir.
After Early Fame, DataPortability Project Matures
Its role includes holding social-networking vendors' feet to the fire regarding data portability
Conficker Flaw Found: Security Experts Say Detection Now Easier
Just days before the Conficker worm is set to contact its controllers for new instructions, security researchers have found what they say is a flaw that makes detection much easier.
Google Unearths Stolen Credit Cards
Cards stolen from U.K. are revealed when thieves post them for sale.
Once-Secret 'Cloud Manifesto' Sees Light of Day
UPDATE: The document pushing cooperative clouds is officially released after Microsoft spills the beans.
New method for detecting Conficker discovered, debuted
By jhruska@arstechnica.com (Joel Hruska) on Tillman Werner Conficker scanner MS08-67
The clock is ticking down towards Conficker.C's reported April 1 launch date, but an 11th-hour discovery by Team White Hat may substantially improve an IT shop's chance of catching the bug early and stomping on it. The full technical details on the Conficker scanner are being withheld for roughly 24 hours (we'll link the paper when it arrives). If the scanner works as advertised, the security industry will be able to track the spread of Conficker much more effectively than before and neutralize it that much faster.
FBI Nabs Robbers With Google Map, Spycam Mashup
By Noah Shachtman
G-Men these days have to focus more on stopping terrorists than nabbing old-school bank robbers. So FBI agents in Arkansas are enlisting the online public's help in catching the thieves. And it appears to be working.
SB09-090: Vulnerability Summary for the Week of March 23, 2009
Vulnerability Summary for the Week of March 23, 2009
The Conficker worm's evil genius.
By Farhad Manjoo on technology
Last week, I pulled out my Internet cable, unplugged my USB drives, and searched my Windows machine for Conficker, the astounding computer worm that threatens to wreak global havoc once its latest version begins to phone home for further instructions on April 1. Well, maybe: While security researchers warn that the worm's creators may be planning on conducting fraud or even "information warfare" aimed at disrupting the Internet, nobody knows what terrible deed Conficker will ultimately pull off. What we do know is that Conficker is devilishly smart, terrifically contagious, and evolving. Each time experts discover a way to constrain its spread, its creators release new, more sophisticated versions that can push even further. The latest version, Conficker C, hit the Internet early in March. Estimates aren't precise, but researchers say the worm—in all its variants—has so far infected more than 10 million machines around the world.