
It takes only one ‘nice’ person

  • Post author: Omid Farhang
  • Post published: March 25, 2010
  • Reading Time: 2 min
  • Word Count: 299 words

In the security industry we often focus heavily on new technologies and shiny new software, and forget that so much of what we see is dependent on the person behind the computer. Today, a co-worker of mine was sent an email from someone she doesn’t know, with the following text: “I’m writing this with tears in my eyes,my fam and I came down here to Wales,United Kingdom for a short vacation unfortunately we were mugged at the park of the hotel where we stayed,all cash,credit card and cell were stolen off us but luckily for us we still have our passports with us. ...


Google-in-China saga: another hack, move to HK

  • Post author: Omid Farhang
  • Post published: March 25, 2010
  • Reading Time: 5 min
  • Word Count: 914 words

There is a risk to computer security from governments. Regulatory changes, even if they are very positive measures, can impose huge demands on an enterprise (e.g. HIPAA, Sarbanes-Oxley, California’s law requiring notification of customers whose personal information is hacked on company sites). The “government” risk can get no bigger than the clash of Google and the government of China over the censorship issue. The world suspects that the Chinese government or its proxies were behind a campaign of hacking against Google and other major U.S. companies several months ago. Google reacted to the hacks by saying in January that it would stop censoring search results for web users in China. Monday it said it would move to Hong Kong. ...


Smart Aleck Passwords

  • Post author: Omid Farhang
  • Post published: March 23, 2010
  • Reading Time: 1 min
  • Word Count: 104 words

Älypää, a popular Finnish game and quiz site, announced a database breach late last night. Over 127,000 account names and passwords were leaked. The site has currently suspended access and doesn’t maintain any personal details, but Älypää users should determine whether or not they recycle their passwords elsewhere. If so, those accounts are at risk of being hacked. CERT-FI guidelines can be found here. Here’s a list of the top 20 domains on the list: ...


A Fishy Defacement

  • Post author: Omid Farhang
  • Post published: March 22, 2010
  • Reading Time: 1 min
  • Word Count: 118 words

Generally speaking, most website defacements I see tend to look the same with political activist Y decrying political activist Z, or leet hax0rs posting up a mile-long shoutout list to their crew. This one is, er, a little different – a defacement of what appears to have been a site involved in fish logistics and / or preservation, fish2see(dot)dk. I can only imagine the horror on the face of the site admin who woke up this morning to be confronted by this: ...


Phishing increased 62 percent in '09

  • Post author: Omid Farhang
  • Post published: March 22, 2010
  • Reading Time: 1 min
  • Word Count: 114 words

The DarkReading site is carrying a story about brand-protection firm MarkMonitor’s finding that phishing increased 62 percent in 2009 with 565,502 attacks in the year. MarkMonitor is based in San Francisco. Other conclusions in MarkMonitor’s 2009 BrandJacking Index report: The huge increase can probably be attributed to the use of botnets and the large amount of personal information that can be scraped from social network sources. 2009 saw the all-time high average of 600 phishing attacks per organization; only 33 percent of victims were first-time targets. Social networks suffered 11,240 attacks – two percent of the year’s total. The U.S. hosted 44.7 percent of phishing attacks, up from 36.5 in 2008. DarkReading story here. ...


Can spam get worse?

  • Post author: Omid Farhang
  • Post published: March 19, 2010
  • Reading Time: 1 min
  • Word Count: 168 words

Or is it at the saturation point? The SANS Institute (acronym = SysAdmin, Audit, Network, Security) web site carried a blog piece that gives a good snapshot of the horrible ongoing plague of spam email that IT folks all over the globe must deal with. The writer, Deborah Hale, said the ISP in the Midwest where she works received almost 20 million pieces of email for more than 9,000 accounts since the beginning of March. Only 713,222 (3.6 percent) were NOT spam. ...


iRogue?

  • Post author: Omid Farhang
  • Post published: March 18, 2010
  • Reading Time: 2 min
  • Word Count: 346 words

Are Mac OS X rogues an emerging threat? For many years discussions of the potential for malware on Macs have ended with the conclusion: “there isn’t much yet, but as soon as Mac gets a big market share the dark side is going to start writing the code.” There are indications that the bad guys are working on it. There have been some blog posts suggesting that the dark side is working hard to create a Mac OS X compatible rogue. SCMagazine is carrying a piece quoting a spokesman for researchers at Intego. Apparently Intego researchers got proof-of-concept code for an OS X rogue from underground sources and determined that it didn’t quite work. However, they concluded that some sophisticated coding was going on: ...


Consoles for old games come with new malcode

  • Post author: Omid Farhang
  • Post published: March 12, 2010
  • Reading Time: 2 min
  • Word Count: 246 words

Be on the lookout for websites offering up “free applications” which come with a nasty sting in the tail. Here’s a typical example: Appzkeygen(dot)com. If you like videogame consoles, you may be a fan of emulators (programs that ape long-dead consoles, allowing you to play old games on your PC – we’ll avoid the murky legal minefield that comes with this practice and instead focus on the malware). Below is a Playstation 2 emulator – no really, it is. Would they lie to you? ...


Vodafone distributes Mariposa botnet

  • Post author: Omid Farhang
  • Post published: March 8, 2010
  • Reading Time: 1 min
  • Word Count: 187 words

Here is yet another example of a company distributing malware to its userbase. Unfortunately it probably won’t be the last. Today one of our colleagues received a brand new Vodafone HTC Magic with Google’s Android OS. “Neat,” she said. Vodafone distributes this phone to its userbase in some European countries and it seems affordable as you can get it for 0€ or 1€ under certain conditions. The interesting thing is that when she plugged the phone into her PC via USB, her antivirus went off, detecting both an autorun.inf and autorun.exe as malicious. A quick look into the phone quickly revealed it was infected and spreading the infection to any and all PCs that the phone would be plugged into. ...


Energizer USB charger infected with Trojan

  • Post author: Omid Farhang
  • Post published: March 8, 2010
  • Reading Time: 1 min
  • Word Count: 120 words

Hmmm. A new vector for malware: USB battery chargers. Wonderful. The U.S. Computer Emergency Response Team (CERT) is warning that Energizer DUO USB battery chargers have been found infected with a Trojan that loads backdoor malware on a victim PC along with its battery monitoring software. The charger copies a .dll file named UsbCharger.dll in the application’s directory and another named Arucer.dll in the Windows system32 directory. USBCharger sets a registry entry to autoexecute Arucer.dll when Windows starts. ...
