Thursday, April 2, 2009

Around The Horn vol.1,76

OS diversity protects cell phones from virus outbreaks

By jtimmer@arstechnica.com (John Timmer) on virus

Events like the spread of the Conficker worm illustrate the risks posed by the combination of a sophisticated operating system and an always-on Internet connection. With the expanding popularity of smartphones, which come with multitasking operating systems and convenient software development kits, the same risk may definitely apply. But, despite the fact that exploit code has been around for several years, nothing on the scale of Conficker has ever struck the cellphone world. A study that will be released online in Science Express looks into why this might be the case, and concludes that a major contributor is the lack of an operating system monoculture in the cellphone world.

The authors say that the customized combinations of hardware and software that characterized early cellphones left little for a virus writer to target, but the rise of smartphones is changing matters rapidly. Since 2004, there have apparently been over 400 phone-specific viruses, and the authors say that many of these show a level of sophistication that indicates their authors have been following developments in the PC world (or, potentially, the authors are one and the same). Some of these viruses were even able to spread by both Bluetooth and MMS services.

Conficker.C appears on schedule, but only as a whisper

By jhruska@arstechnica.com (Joel Hruska) on Werner

The Conficker worm has been a hot topic for months as white hats and black hats have struggled to one-up each other. When security teams broke the randomization cypher Conficker uses and were able to predict which websites the program would target and when, Conficker.B retaliated. That version of the malware used a new encryption cypher to hide its target list (this was broken as well), and was capable of spreading from infected to non-infected systems over office networks, shared folders, or even USB keys.

Conficker Worm: Not Finished Yet

April 1 may have come and gone without any major attacks, but this worm still poses a threat.

Cyber Espionage From State Governments? Don't Be Surprised

Did the Chinese government, for strategic purposes, infiltrate more than 1,200 computers in 103 countries?

Black Hat Europe Researcher Hacks Database Servers

Black Hat researcher uses SQL injection as a stepping stone to hacking the underlying database server

How To Make The Right Choice About Security Outsourcing

New report offers advice on evaluating and choosing third-party security services offerings

Conficker Day - April 1st - Uneventful

By Darknet on worms

So the big Conficker scare of April 1st has passed without any real events, no major sites taken down, no major online terror campaigns spawned. Just a new more sophisticated, harder to stop version of Conficker updating from a longer list of domains. It seems like this malware might be here to stay and infecting more and [...]

Here's proof. The innocent do have something to fear

Posted by InfoSec News on Apr 2

http://www.guardian.co.uk/commentisfree/2009/apr/01/jacqui-smith-expenses

[Slow news day, too many Conficker.c and April Fools stories to drudge
through, but this whole story below has been flying under the radar a
little bit, and is worth a read and wide dissemination. - WK]

By Simon...

STANDARD FOR INFORMATION SECURITY MANAGEMENT UPDATED

Posted by InfoSec News on Apr 2

Forwarded from: <consortium (at) ism3.com>

STANDARD FOR INFORMATION SECURITY MANAGEMENT UPDATED

April the 2nd 2009, Madrid

Following a series of important updates to the Information Security
Management Maturity Model, the ISM3 Consortium, with members from the
US, Spain, India and...

Conficker suspect brought to book in Beavertown?

Evidence of Russian sense of humour found!

While the rest of the world bit its nails in terror that the Conficker worm would somehow rise up and swamp the internet on 1 April, Russian wags seized on the opportunity to craft a subtle April Fool joke.…

Cybersecurity law would give feds unprecedented net control

For your own good

US senators have drafted legislation that would give the federal government unprecedented authority over the nation's critical infrastructure, including the power to shut down or limit traffic on private networks during emergencies.…

Infocus: Enterprise Intrusion Analysis, Part One

Conficker updates with no problems reported

By Robert Westervelt

Despite hyped reports of a trail of destruction, the latest Conficker worm upped the ante April 1, but security researchers are successfully blocking it from receiving orders.

British hacker's supporters rally at US embassy

As protesters took to the streets again Thursday during the G20 world leaders summit, the U.S. embassy saw a much smaller rally in support of a British computer hacker.

Bill would give feds private sector cybersecurity role

Two U.S. senators are proposing legislation that would give federal officials significant new authority to create and enforce data security standards both for government agencies and key parts of the private sector.

SMEs stick 'heads in sand' over security

Smaller and midsized businesses are cutting back on security due to the effects of the recession, even though most SMEs expect security threats to increase.

Conficker Worm: Not Finished Yet

April 1 has come and gone, and the Internet has not disintegrated and no major cyber-attacks were reported. But Conficker still remains a threat. Now don't panic, this doesn't mean cyber-Armageddon could strike at any minute, it just means you need to make sure your computer is fully updated if it isn't already. Feel better? Good, then let's take a look at what's going on.

Organisational networks remain vulnerable

Poor network management and basic security vulnerability oversights are leaving organisations open to security attacks, compliance breaches and operational downtime.

NAC has a future

Like a lot of businesses, NAC vendors will be facing tough times over the next few years, but there are glimmers of hope for even the startups, according to a new report by Gartner.

2008 was not a good year

"I told you so" is not exactly the favorite comment for anyone to hear, but unfortunately sometimes it has to be said. ScanSafe starts its 2008 Annual Global Threat Report with some depressing comments.

Project Spring Cleaning 2009

Technology needs spring cleaning just like rugs and garages. The trick today is to focus on security and maintenance issues that get ignored during normal work days. Set aside some time now to clean up and your technology will support you much more smoothly through the summer.

Conficker may be more widespread than previously thought

The Conficker worm may have infected more machines than previously thought, according to Internet infrastructure provider OpenDNS.

VeriSign app turns iPhone into security device

It seems oddly appropriate to talk about security today. Between malware and identity theft, everyone has more to think about these days. Many services are adopting multi-factor authentication in order to better protect their users. This generally involves a little dongle attached to your keychain that reads out a new, random number after a short period of time.

Legislation would create new cybersecurity regulations

Two U.S. senators have introduced legislation that would overhaul the nation's cybersecurity efforts, and would reportedly allow the government to regulate some private company cybersecurity efforts for the first time.

PCI security standard gets flayed at House hearing

The PCI standard, long touted as one of the private sector's best attempts to regulate itself on data security, is increasingly showing signs of coming apart at the seams.

Conficker's makers lose big, expert says

The malware makers who crafted Conficker must be extremely disappointed, a security expert said Wednesday, and not because the Internet didn't come crashing down as some of the wildest speculation had predicted.

Phone service for the deaf becomes a fraud tool

A telephone service designed to help deaf and speech-impaired people communicate is being misused by fraudsters, a PayPal executive said Wednesday.

A view from the CWG Trenches, (Thu, Apr 2nd)

This diary entry is an attempt to share one person's perspective on the importance of the CWG. ...(more)...

JavaScript insertion and log deletion attack tools, (Thu, Apr 2nd)

In my last two diaries (http://isc.sans ...(more)...

Five Free Tools to Help Exterminate Conficker (E-Week Security)

Hackers Mistimed Conficker, But Threat Lingers (NewsFactor) (Yahoo Security)

Cybercrime, Internet Fraud on Upswing as Lawmakers Discuss Strategy (E-Week Security)

FBI: Internet Fraud Rates Rose 33% Last Year (SecurityFix Blog)

Who Should be in Charge of U.S. Cybersecurity? (Schneier blog)

Conficker D-Day Arrives; Worm Phones Home (Quietly) (NetworkWorld Virus/Worms)

Conficker worm plays no tricks on April Fools' Day (AFP) (Yahoo Security)

Conficker's Big Day Passes Quietly, but Was It Really a Bust? (E-Week Security)

April 1, 2009 and Conficker

By MSRCTEAM

We’ve gotten a number of questions from customers asking us if we’ve seen any new activity from the Conficker worm now that it’s April 1, 2009.

We and our partners in the Conficker Working Group have been watching closely and we’ve not seen any new malicious activity from Conficker. We haven’t seen any actions outside of what we expected. We have seen systems infected with Worm:Win32/Conficker.D starting to use the new domain generation algorithm. But we haven’t seen any new variants released or any new attacks levied as a result of this.

While there’s been a significant focus on the April 1 date, customers shouldn’t take it to mean that once April 1 has passed that all the risks around Conficker.D lessen or go away. Like I said on Friday, Conficker.D should remain a manageable cause for concern and it doesn’t go away after April 1. Just like it has on April 1, Conficker.D will continue trying to contact domains using this new algorithm on April 2, April 10, and beyond. This means that even though it hasn’t happened today, a new variant or a new attack could be levied in the future. And so, customers should keep focused and keep doing what they’ve been doing: focusing on ensuring your systems are updated with MS08-067, keeping your security software signatures updated, and cleaning any systems you identify that are infected with any version of Conficker. Remember that we have more information about Conficker for home users, and IT Pros. And the MMPC blog always has good information related to malware.

And of course, we and our partners in the Conficker Working Group will keep focused on our ongoing efforts to protect customers and provide you with updates about the situation as we have them.

Thanks.

Christopher
