Tuesday, May 5, 2009

Around The Horn vol.1,93

Researchers hijack botnet, score 56,000 passwords in an hour

By jacqui@arstechnica.com (Jacqui Cheng) on Trojan

Researchers at the University of California Santa Barbara have published a paper (PDF) detailing their findings after hijacking a botnet for ten days earlier this year. Among other things, the researchers were able to collect 70GB of data that the bots stole from users, including 56,000 passwords gathered within a single hour. The information not only gave them a look at the inner workings of the botnet but also showed how secure users really are when it comes to online activities. (Hint: they aren't.)

The botnet in question is controlled by Torpig (also known as Sinowal), a malware program that aims to gather personal and financial information from Windows users. The researchers gained control of the Torpig botnet by exploiting a weakness in the way the bots try to locate their command-and-control servers: the bots would generate a list of domains that they planned to contact next, but not all of those domains were registered yet. The researchers registered the domains that the bots would resolve and set up servers where the bots could connect to find their commands. This method lasted for a full ten days before the botnet's controllers updated the system and cut the observation short.

Gap Analysis of Application Security in Struts2/WebWork

By Robert A. on Research

"The purpose of this paper is to discover what features and capabilities, if any, the Struts2/WebWork (hereafter referred to simply as Struts2) development team could add to increase the security of applications built with Struts2. The version analyzed was version 2.1.6, which was the latest version available when the project was...

Attacker reportedly holds Virginia patient data hostage

By Elinor Mills

An attacker tried to extort $10 million after breaking into a Virginia state Web site used to track prescription drug abuse and allegedly holding the data hostage, according to a posting on the Wikileaks Web site.

The ransom message on the Virginia Prescription Monitoring Program site read:

"I have your [...

Will the Hathaway report lead to action?

By Jon Oltsik

President Obama in early February assigned Melissa Hathaway, a former consultant at Booz Allen Hamilton, to review the status of the nation's cybersecurity defenses, processes, and organization and report back to him with the findings 60 days hence. The president now has the results of the Hathaway study and ...

Inventor: SSL not to blame for security woes

By Vivian Yeo

At the RSA Conference last month in San Francisco, Taher Elgamal was conferred the Lifetime Achievement Award--only the third recipient of the award since its inception in 2004.

Taher Elgamal

The chief security officer of Axway has more than 25 years of experience in the security industry, starting out as ...

Fiddler - Web Debugging Proxy For HTTP(S)

By Darknet on web-security

Recently I posted about Charles Web Debugging Proxy and quite a few people mentioned they had been using Fiddler. Fiddler is a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect all HTTP(S) traffic, set breakpoints, and “fiddle” with incoming or outgoing data....

Researchers Take Over Dangerous Botnet

University of California-Santa Barbara researchers expose details of botnet known for stealing financial data after boldly wresting control of it

Industry group pushing for cybersecurity chief

Officials at TechAmerica, a technology industry association, say a cybersecurity chief would provide vendors with the clear guidance they need to develop products for government.

Security concerns hold back social networking

Two recent surveys found that many organizations are putting off Web 2.0 plans until security issues are resolved.

Google Scales Back YouTube Korea

The country's "real-name" law requires the Web site to confirm the identity of people through personal information, such as their real names and resident registration numbers.

Conficker Worm Hits University Of Utah

Conficker tries to copy itself to removable media drives in a way that forces code execution whenever the removable drive is inserted into a computer system.

Twitter Visited By Worms Instead Of Bunnies

An exploit of a cross-site scripting flaw in Twitter sent almost 10,000 spam tweets and compromised at least 190 accounts over the weekend.

Rolling Review: StealthWatch System For Network Behavior Analysis

Lancope appliances provide deep threat analysis that's easy to see.

Silicon Valley Phone, Internet Outage Raises Security Questions

AT&T has increased its reward to $250,000 for information leading to the arrest and conviction of the culprits.

Microsoft Plans Eight Security Fixes Next Week

Five of the Patch Tuesday fixes affect Windows, one affects Internet Explorer, one affects Excel, and one affects ISA Server.

Silicon Valley Internet, Phone Service Sabotaged

The areas affected are in the southern portions of San Jose, home to many of the nation's major technology companies.

Conficker Worm Arms Itself To Steal And Spam

The new variant, designated Conficker.E, is arriving through the worm's P2P connectivity.

Software Group Doles Out Cash To Piracy Tipsters

SIIA distributed almost $90,000 to inside informants last month.

Giving Government Power To Unplug The Internet

In the best-case scenario, that power could enable a president to prevent cyberattacks on the power grid, air traffic control systems or the root of the Internet.

Mobile Can-Spam Act Sought In Senate

A recently introduced bill would expand the law to include SMS messages, but it's unclear if it could really reduce mobile spam.

Scareware Surging, Microsoft Report Finds

Two rogue software families were detected on more than 1.5 million computers, making them among the top threats for the second half of 2008.

U.S. Electrical Grid Breached By Cyber Spies

The intrusions were detected by U.S. intelligence agencies. In November, a congressional advisory committee warned that Chinese cyberattacks were increasing.

UK Taps U.S. Outsourcers For $960 Million National ID Project

IBM and CSC will create biometric identification systems under a pair of 10-year deals.

HyTrust Offers VMware Hypervisors Security

Startup HyTrust says its appliance acts as an authentication proxy for VMware ESX hypervisors through integration with Microsoft Active Directory and other LDAP directories.

Facebook, Microsoft Partner To Fight Koobface Worm

The Koobface virus, which spreads through social networking sites, has been added to Microsoft's Malicious Software Removal Tool.

Google Street View Car Blocked By Suspicious Villagers

Residents in the Buckinghamshire village of Broughton surrounded a car capturing Street View images on Google's behalf.

Microsoft Issues PowerPoint Security Advisory

Microsoft said it's aware only of limited, targeted attempts to exploit this vulnerability, which could allow an attacker to execute code remotely.

Major Cybersecurity Bill Introduced In Senate

The call for a new adviser comes at a time when controversy has arisen over the current cybersecurity structure in government.

Web 2.0: Internet Too Dangerous For Normal People

After decades of computer security work, one researcher questions current Internet safety procedures and the vendors assigned to protect the average user.

7 Fantastic Internet Hoaxes

Despite our increasing technological sophistication, we can't help falling for e-mail about Bigfoot, giant mutant cats, doomed tourists, and deadly butt spiders.

Conficker's April Fools' Day Update Begins With A Yawn

The worm was designed initially to exploit a Microsoft Windows vulnerability that was patched last October.

Apple, Dell, Intel Sued Over Encryption Patent

The PACid Group named 19 tech companies in its lawsuit claiming infringement of its patent on generating encryption keys.

Spam Is Making A Comeback, Google Finds

The volume of unwanted messages has been creeping upward at a rate of about 1.2% per day as spammers try to rebuild the infrastructure they lost at McColo.

Homeland Security Keeps Tabs On Conficker Worm

The agency's US-CERT team created worm-scanning software for federal and state government agencies, commercial vendors, and critical infrastructure owners.

Analytics Brief: What Keeps Security Pros Awake At Night?

We polled more than 400 business technology professionals to determine which threats they consider the most serious, how they prioritize their defensive efforts, and what plans they've put in place to keep their organizations' data safe in 2009 and beyond.

Top-Down Password Protection

New tools can corral administrator-level access, but plan ahead to avoid costly downtime.

Faceless Twitter Users Exposed By Other Social Networks

Just by comparing Flickr and Twitter, researchers connected the dots in the completely anonymous Twitter graph with only a 12% error rate.

Mac OS X Proof Of Concept Exploit Code Published

The software has the ability to create a new system volume, call to some OS functions, and change the user ID, without administrative privileges.

Conficker Worm Worries Exaggerated

The worm, which attempts to exploit a Microsoft vulnerability that was patched last October, has been evolving.

Obama Cybersecurity Team Consults Rights Groups

Civil liberties, privacy, education, and public-private partnerships are at the forefront of the government's cybersecurity initiatives.

DSL Modems Becoming Botnet Zombies

Cybercriminals are using the PSYB0T botnet to take advantage of vulnerabilities in the NetComm NB5 modem-router.

YouTube Blocked In China, Again

Last year, during the March riots in the Tibetan capital of Lhasa, China blocked access to YouTube.

Smart Grid Lacks Smart Security

Devices could be used to conduct attacks on the power grid and on people's homes if they're developed without sufficient security, security researchers warn.

Web filters threaten national security

Internet heavyweights have attacked the federal government's Internet content filtering plans and claimed it opens vulnerabilities that could threaten national security.

Cloud security will supplant patching, says report author

Patching alone will never solve the long-running headache of insecure software, the author of the influential Laws of Vulnerability 2.0 report has said.

Adobe promises fixes for latest flaws by next week

Adobe Systems expects to have patches ready to fix the latest flaws in Acrobat and Reader by next week.

In the Trenches, as the Threats Evolve

Recent security incidents at my company have gotten me thinking about the state of information warfare. Electronic break-ins are progressing in a direction that makes me fear that the nature of the threats is changing.

IT faces possible pandemic amid budget cutbacks

Many IT executives could be facing an uphill battle in moving to deal with a possible swine flu pandemic as they cope with a flagging economy that has caused layoffs and budget cutbacks in a number of companies.

Critics argue against a White House security lead

Critics raised questions last week about the growing chorus of calls for the White House to play a leading role in coordinating cybersecurity efforts involving the federal government and key private-sector industries.

Botnet probe turns up 70G bytes of personal, financial data

Researchers from the University of California gained control over a well-known and powerful network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.

Why mix Bluetooth with Wi-Fi?

When the latest version of Bluetooth was announced last week, two questions popped to mind. First, what does Bluetooth 3.0 - which combines the Bluetooth wireless communications protocol with 802.11g Wi-Fi transport capabilities - offer that plain old Wi-Fi doesn't? Second, how are 3.0 connections secured, given that Wi-Fi running in ad hoc (peer-to-peer) mode hasn't historically received many kudos for privacy? It turns out that the two questions and their answers are somewhat related.

'Managing' passwords doesn't make them less unsafe

In his newsletter last week my colleague M.E. Kabay points us to a draft release of a new paper from the National Institute of Standards and Technology (NIST) called the "Guide to enterprise password management." Maybe next they'll draft guidelines for the proper use of buggy whips!

LexisNexis says credit card fraudsters used its data
Belated notice to 32,000

LexisNexis is in the process of warning at least 32,000 people that their social security numbers and other personal information may have been stolen by identity thieves who used the company's information retrieval service.…

Botnet hijacking reveals 70GB of stolen data
Torpig uncovered

Security researchers have managed to infiltrate the Torpig botnet, a feat that allowed them to gain important new insights into one of the world's most notorious zombie networks by collecting an astounding 70 GB worth of data stolen in just 10 days.…

Trade in secondhand BlackBerries booming in Nigeria
Information fences plunder insecure data

A TV investigation has revealed that secondhand BlackBerries on Nigerian markets are priced according to the data held on them, not the age or the model of a phone.…

An Inexpensive Wireless IDS using Kismet and OpenWRT

Categories: Intrusion Detection, Wireless Access

Paper Added: May 4, 2009

Post Acquisition Audit in 30 Days

Category: Auditing & Assessment

Paper Added: May 4, 2009

Adobe Reader/Acrobat Critical Vulnerability, (Mon, May 4th)

A critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acro ...(more)...

Putting the ED _back_ in .EDU, (Mon, May 4th)

The Internet is a wonderful thing. Think of all the ways it has changed how we do things ...(more)...

Facebook phishing malware, (Mon, May 4th)

Looks like there may be a piece of malware out there is sending out messages to folks on Facebook tr ...(more)...

Security Researchers Uncover 70GB of Financial Data Stolen by Botnet

Researchers at the University of California, Santa Barbara, say they seized control of the Torpig botnet for 10 days earlier in 2009 and uncovered 70GB worth of financial data, from credit card numbers to bank account credentials. Torpig, also known as Mebroot and Sinowal, has been called the stealthiest rootkit in the wild by security vendor Prevx.
- Researchers at the University of California, Santa Barbara, have published a paper saying they turned up a treasure trove of stolen data after seizing control of a notorious botnet. The team of researchers hijacked the Torpig botnet (PDF), which they linked to the theft of some 10,000 bank acc...

Adobe Preps Patch for Zero-Day Vulnerability for Reader, Acrobat

Adobe Systems plans to release a fix May 12 for a zero-day vulnerability affecting versions 7, 8 and 9 of Adobe Reader and Adobe Acrobat. The vulnerability affects Windows, Mac and Unix operating systems. Adobe also confirms a second vulnerability in Adobe Reader that will be addressed in the forthcoming update for Unix.
- Adobe Systems is planning to release a patch for a zero-day flaw affecting Adobe Reader and Acrobat next week. This is the second zero-day flaw known to have been found in Adobe's Reader and Acrobat products since March. On May 12, Adobe will push out a fix for versions 7, 8 and 9 on Windows PCs...

Europe Wants Smaller Role for U.S. Within ICANN

ICANN, which assigns Internet addresses such as .com and .net, should be stripped of its links to the U.S. government and made a totally independent body, the EU's information society chief said this week.
- STRASBOURG, France (Reuters) - The body in charge of assigning Internet addresses such as .com and .net should be shorn of its U.S. government links from October and made fully independent, the European Union's information society chief said on Monday. The Internet Corporation for Assigned Names...

SB09-124: Vulnerability Summary for the Week of April 27, 2009

Cisco Security Center: IntelliShield Cyber Risk Report

April 27-May 3, 2009

Report Highlight: Challenges to Bank Use of Chip-and-PIN Cards

Tech Industry Split on Cybersecurity Regulations

The tech industry appears split about the possibility of new cybersecurity regulations in a bill before the U.S. Congress.

Story on McAfee Security Hole Triggers Another

A story on XSS vulnerabilities in the McAfee Web site inadvertently exposes the same type of flaw on the New York Times' site.

Botnet Probe Turns up 70G Bytes of Personal, Financial Data

Researchers gained control over a well-known network of hacked computers for 10 days, gaining insight into how it steals personal and financial data.

Is Telecommuting the Way to Avoid Swine Flu?

The threat of a flu outbreak prompts companies to reconsider their telework options.

Businesses Need Cybersecurity Support, Congress Told

Government should provide incentives, not mandates to encourage businesses to protect infrastructure, consultant says.

LexisNexis Says Its Data Was Used by Fraudsters

Criminals used LexisNexis to get data for credit card fraud, the company said Friday. 32,000 people are affected.

Torpig Botnet Hijacking Reveals 70GB Of Stolen Data

By Darknet on worms

We did mention Torpig in passing back in January 2008 when talking about the Mebroot rootkit which digs down deep into the Master Boot Record. It seems like Torpig has been pretty active since then and the latest break is that some security researchers have managed to infiltrate the botnet and collect some data on what [...]

Hackers Break Into Virginia Health Professions Database, Demand Ransom

In Fraud

Hackers last week broke into a Virginia state Web site used by pharmacists to track prescription drug abuse. They deleted records on more than 8 million patients and replaced the site's homepage with a ransom note demanding $10 million for the return of the records, according to a posting on Wikileaks.org, an online clearinghouse for leaked documents. Wikileaks reports that the Web site for the Virginia Prescription Monitoring Program was defaced last week with a message claiming that the database of prescriptions had been bundled into an encrypted, password-protected file. Wikileaks has published a copy of the ransom note left in place of the PMP home page, a message that claims the state of Virginia would need to pay the demand in order to gain access to a password needed to unlock those records: "I have your [expletive] In *my* possession, right now, are 8,257,378 patient records and a total

Microsoft Pushing Out IE8 Through Auto Update

In New Patches

Microsoft has begun pushing out Internet Explorer 8, the latest version of its Web browser, to Windows users who are signed up for automatic software updates. If your system has Automatic Updates turned on, you may have already been prompted to install the software. Whether you use IE on a regular basis or not, it's probably a good idea to accept this update, for a couple of reasons. One is speed, both in startup and in normal browsing. From my own, unscientific testing, IE8 simply runs quite a bit faster and smoother than IE7. Various Web sites and blogs have sought to pit IE8's speed against those of other browsers; I won't attempt that here. My take: If you must have any version of IE installed, this is the one you want. The other is improved security. IE8 ships with a feature called SmartScreen Filter, which is designed to block

Facebook Among Top Phished Web Sites

In Latest Warnings

A washingtonpost.com colleague today called my attention to a phishing scam targeting Facebook users that is apparently getting some digital ink from Twitter users and various blogs. I figured this was as good a time as any to note that Facebook is and has been for some time one of the brands most frequently targeted by scam artists, right up there with some of the world's largest banks. According to phishtank.com, a community-based site that tracks phishing Web sites, Facebook.com was the seventh most-phished brand in March -- even ahead of the Internal Revenue Service, and that was during tax month! In fact, Phishtank found at least 104 phishing Web sites targeting Facebook users, or an average of three different Facebook phishing campaigns each day. Why on Earth would cyber crooks want to hijack your Facebook profile? Why, to trick your friends into visiting sites that try to download malicious

Spam From Hijacked Webmail Accounts

In Fraud

A family member called last night, upset and embarrassed that his yahoo.com account was used to blast out spam to all of his contacts. A quick examination of the message headers indicated the spam was indeed sent through his yahoo.com account, and that someone had hijacked his Webmail account password. Upon closer inspection, I noticed that whoever had sent the message had also done the following: deleted the last 30 days' worth of messages in the "Sent" folder; added the same message they had spammed out to his e-mail signature, so that the message would be tacked onto each subsequent e-mail he sent; and the perpetrators even signed his first name at the bottom of the message. An Internet search for the domain advertised in the spam -- easylifeing.com -- shows that spammers have advertised this site by hijacking accounts at other free Web mail providers as well, including Hotmail

Equifax Outage Halts Credit Freezes, Fraud Alerts

In From the Bunker

If you've frozen your credit file as a protection against identity thieves, you may have to wait a while longer to get it thawed out. Equifax, one of the big three credit reporting bureaus, is still reeling from a system-wide computer outage that began this weekend. Equifax spokesman Tim Kline said the company experienced a power outage on Sunday as a result of an electric transformer failure, and that it is in the final steps of bringing its last remaining systems online. "We still have some platforms we're bringing up, including those that allow people to unfreeze and freeze their credit, and place fraud alerts," Kline said. "Service is operational for virtually all of our customers and this is the last area we need to resolve." That is to say, the only systems still to be brought back online are ones that are required by law and do not earn the

Adobe Warns of Potential Reader Flaw

In Latest Warnings

Adobe Systems Inc. is warning about a potential new security flaw in the latest versions of its Adobe Reader products. Update, Apr. 29, 8:17 a.m. ET: Adobe has confirmed that this affects all currently supported, shipping versions of Adobe Reader (9.1, 8.1.4, and 7.1.1 and earlier versions) for Windows, Mac and Linux. Adobe recommends disabling Javascript in Reader until it can ship a patch. Original post: In its product security incident response team blog, Adobe issued a brief advisory on Monday, saying it is investigating reports of a security hole in Adobe Reader 9.1 and 8.1.4. The company says it will provide an update once it gets more information. The SecurityFocus submission on this vulnerability indicates that it is a Javascript flaw in Reader for versions designed to run on Linux operating systems, although that advisory suggests that other versions or operating systems may also be affected. This may turn

Proposal Would Shore Up Govt. Cyber Defenses

In U.S. Government

While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002. Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance. The "U.S. Information and Communications Enhancement Act of 2009," which would update the Federal Information Security Management Act, or FISMA, calls for the creation of hacker squads to test the defenses of federal agency networks. In addition, agencies would be required to show that they can effectively detect and respond to the latest cyber attacks on their information systems. Critics of the current law say it merely requires agencies to show they have the proper cyber security policies in place, but not necessarily demonstrate that those policies are helping to block or mitigate real-world attacks. "Only about five federal agencies are testing to see whether they are actually

Scammers, Spammers Embrace Swine Flu News

In Latest Warnings

There's something vaguely diabolical about a form of unwanted communication named after a brand of canned, chopped pork that piggybacks on a public health scare involving a flu strain derived from swine. Yes, you guessed it: Spammers have seized upon public awareness around the Swine Flu epidemic to hawk knockoff prescription drugs. And we're not talking about flu vaccines, either. According to McAfee Avert Labs, over the weekend spammers began pumping out junk e-mail with various Swine Flu subject lines to trick people into opening the missives. McAfee says the first of those spam campaigns amounted to about 2 percent of global spam volume. Meanwhile, it appears that dozens of new Web site names with the term "swineflu" included in them were registered during the last few days. Researchers at security software maker F-Secure Corp. warn that if similar activity surrounding previous national emergencies is any indicator, scam artists may

Planting Your Flag at Social Networking Sites

In Web Fraud 2.0

On Thursday I shared a laugh with a source at the expense of a mutual acquaintance: a security expert who has for the most part eschewed social networking sites. We were howling because someone who obviously knew enough about this person to push his emotional buttons had registered a Twitter account in his name and was posting some amusing but slightly mocking Tweets. The impersonated person even had several "followers" from the security community. I mention this because it raises an interesting question for people who have embraced social media, but only to a certain point: That is, does it make sense to go ahead and plant your virtual flag at various social networking sites before someone else does it for you, and potentially uses it to make fun of you -- or worse -- abuse your good name to trick your acquaintances into doing something that harms you both? Indeed

Hack Against ISP Hijacks Bank, Google Adsense

In Safety Tips

Hackers hijacked a major Brazilian ISP this month in a sophisticated attack that silently served up malicious software and phishing scams to more than a million customers. According to Brazilian news outlet Globo.com, unknown attackers hijacked the domain name system (DNS) records for NET Virtua, a broadband provider that serves at least 1.4 million customers in the region. NET Virtua's DNS records reportedly were hijacked on April 11, so that customers who visited any site that ran Google Adsense content were redirected to a site that tried to install and run a Java applet that in turn installed a Trojan horse program. Globo.com said the attackers also took aim at Bradesco, one of Brazil's largest financial institutions. NET Virtua customers who tried to visit Bradesco.com.br during the four hours the DNS records were hijacked were redirected to a counterfeit version of the site designed to steal customer credentials, the story
