
China denies connection to high-level hacking

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 3 min
  • Word Count: 430 words

“Shadows in the Cloud” hang over the otherwise sunny PRC

A spokesperson for the Chinese Foreign Ministry has tried to play down a report from investigators in Toronto that hackers based in China breached computers of the Indian government and others and downloaded classified material. The Information Warfare Monitor and the Shadowserver Foundation extensively documented an eight-month investigation that revealed a network of infected government and military computers. The network was controlled from servers in China and was used to steal a variety of classified documents. They posted their 52-page report, “Shadows in the Cloud: Investigating Cyber Espionage 2.0,” today on scribd.com ...

Continue Reading China denies connection to high-level hacking

POC is out: a worm that spreads via PDFs

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 2 min
  • Word Count: 408 words

A blog contributor who goes by the name of “jeremy” has continued to research the possibilities inherent in the recently discovered .pdf-file weakness that could enable the execution of code. Jeremy posted earlier this week that he had created a proof-of-concept .pdf file that could spread to other .pdf files on a system or network (which makes it a worm). “Within the proof of concept I infected a single benign PDF file from another PDF file, but this proof of concept could easily be modified to recursively traverse a user’s computer directories to find and infect all PDF files on that user’s computer and/or accessible to that user at the time of execution with any payload of my choosing,” he wrote on the SudoSecure.net site. ...

Continue Reading POC is out: a worm that spreads via PDFs

Hacking the Matrix

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 2 min
  • Word Count: 294 words

I could talk about how The Matrix was a pretty big deal for me back in the day, or how The Matrix Online is (to date) the only MMORPG I ever liked enough to pay a monthly subscription for, or how I think people doing Kung Fu in bullet time is still the best thing ever. Mostly, I’ll just show you this: And this: Is there a glitch in the Matrix? You bet. Unfortunately it seems the website of one of the actors from Reloaded / Revolutions (Harry Lennix, who played Commander Lock) has been hacked and is now, bizarrely, the scene of some Cyber Kung-Fu gone wrong as two warring factions go to, er, war. ...

Continue Reading Hacking the Matrix

Java Applet Attack Targets XBox Gamers

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 1 min
  • Word Count: 205 words

If you like downloading or installing XBox-related programs on your PC, you might want to take heed of this writeup. There’s a fake application kit in circulation that lets an attacker create a website claiming to offer an XBox Live application, delivered as a Java install. Upon visiting a site related to this scam, the end user sees a blank web page with nothing other than a Java notice and a fake Softpedia award at the bottom of the screen: ...

Continue Reading Java Applet Attack Targets XBox Gamers

Security awareness: many levels, many things

  • Post author: Omid Farhang
  • Post published: April 7, 2010
  • Reading Time: 2 min
  • Word Count: 413 words

Rob VandenBrink has written a piece on the SANS web site Diary (“The Many Paths to Security Awareness”) with an interesting take on the very large topic of computer security awareness. “Security Awareness does not mean the same thing to everyone in a company,” sums up his point. “From a Security Awareness perspective the blanket term ‘end user’ grows to encompass many audiences – not only folks with basic desks and phones, but developers, senior managers, salespeople, engineers, health-care professionals, all kinds of people with different concerns, different goals, and a different set of reasons/excuses for exceptions to one thing or another,” he wrote. ...

Continue Reading Security awareness: many levels, many things

Hacking forum or a sting operation?

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 2 min
  • Word Count: 292 words

Though it is true that malware is getting more and more sophisticated, I am sometimes surprised by the lack of skills coming from wannabe botnet operators. Today, I stumbled upon a hacker’s forum which nicely demonstrates just how low the technical knowledge level of the forum members is. A search for “Zeus” produces several hundred results, many of them surprisingly basic, looking for help with installing a Zeus server or advice about the best bulletproof hosting. ...

Continue Reading Hacking forum or a sting operation?

Fake updates install backdoors

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 1 min
  • Word Count: 123 words

Our good friends at the Hanoi, Vietnam-based security firm Bkis have written about an interesting malcode lure: Trojans masquerading as updates for popular applications such as Adobe, Java or Windows. The fake updates are distributed with the icons of the application they impersonate. Analyst Nguyen Cong Cuong wrote: “In addition, on being executed, they immediately turn on the following services: DHCP client, DNS client, Network share and open port to receive hacker’s commands.” ...

Continue Reading Fake updates install backdoors

Help The Homeless, Feed the Phishers?

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 1 min
  • Word Count: 190 words

Well, this is unfortunate. In the UK, they have something called “The Big Issue”, which is a magazine designed to help the homeless get back into society via a legitimate income. It sells around 300,000 copies a week and is listed as the third-favourite newspaper of young British people aged 15 to 24, according to Wikipedia. At this moment in time, The Big Issue website is playing host to a French Paypal Phish – they have a zipped copy of the Phish uploaded to the server, and a live Phish directory too: ...

Continue Reading Help The Homeless, Feed the Phishers?

Journey to the Center of the PDF Stream

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 2 min
  • Word Count: 302 words

Malware authors use numerous unconventional techniques in their attempts to create malicious code that is not detected by antivirus software. As malicious code analysts, though, it is our job to analyze their creations, and as such we have to be constantly vigilant for the latest tricks that the malware authors employ. While looking at some PDFs yesterday, something suspicious caught my eye. The PDF file format supports compression and encoding of embedded stream data, and it also allows several filters to be chained in a single /Filter array, so that data can be compressed and encoded in multiple layers; a reader (and an analyst) has to apply the filters in the order listed to get back to the original bytes. The PDF stream filters usually look something like this: ...
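To make the filter-chain point concrete, here is an added example (not code from the original post or from the analyst's own tooling) that pulls the raw data out of a PDF stream object and peels off each filter in the order the /Filter array lists them. It handles the common cascades (Flate, ASCIIHex, ASCII85, RunLength, and their abbreviated names) and so goes a little beyond the single case the excerpt hints at. The sample object, its payload and the filter chain are constructed inside the script purely for demonstration.

```python
"""Decode a PDF stream whose /Filter entry chains several filters.

Added example (not code from the original post). A PDF reader applies the
filters in the order the /Filter array lists them, so an analyst's decoder
must do the same; data hidden under two or three layers only shows up after
the last one is removed.
"""
import base64
import binascii
import re
import zlib


def ascii_hex_decode(data: bytes) -> bytes:
    """ASCIIHexDecode: hex digits, whitespace ignored, '>' is the EOD marker."""
    digits = re.sub(rb"\s+", b"", data.split(b">", 1)[0])
    if len(digits) % 2:            # an odd final digit is read as if followed by 0
        digits += b"0"
    return binascii.unhexlify(digits)


def ascii85_decode(data: bytes) -> bytes:
    """ASCII85Decode: optional '<~' prefix, '~>' EOD marker, 'z' = four zero bytes."""
    body = data.strip()
    if body.startswith(b"<~"):
        body = body[2:]
    body = body.split(b"~>", 1)[0]
    return base64.a85decode(body, ignorechars=b" \t\n\r\v\f")


def run_length_decode(data: bytes) -> bytes:
    """RunLengthDecode: length byte L; L<128 copies the next L+1 bytes,
    L>128 repeats the next byte 257-L times, L==128 is EOD."""
    out, i = bytearray(), 0
    while i < len(data):
        length = data[i]
        i += 1
        if length == 128:
            break
        if length < 128:
            out += data[i:i + length + 1]
            i += length + 1
        else:
            out += bytes([data[i]]) * (257 - length)
            i += 1
    return bytes(out)


# Full filter names plus the abbreviations PDF allows (malware uses both).
FILTERS = {
    "FlateDecode": zlib.decompress, "Fl": zlib.decompress,
    "ASCIIHexDecode": ascii_hex_decode, "AHx": ascii_hex_decode,
    "ASCII85Decode": ascii85_decode, "A85": ascii85_decode,
    "RunLengthDecode": run_length_decode, "RL": run_length_decode,
}

FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/[A-Za-z0-9]+)")
NAME_RE = re.compile(rb"/([A-Za-z0-9]+)")
LENGTH_RE = re.compile(rb"/Length\s+(\d+)(?!\s+\d+\s+R)")   # direct integer only


def parse_filters(obj: bytes) -> list:
    """Filter names of a stream object, in the order they must be applied."""
    m = FILTER_RE.search(obj)
    return [n.decode() for n in NAME_RE.findall(m.group(1))] if m else []


def extract_stream_data(obj: bytes) -> bytes:
    """Raw bytes between 'stream' and 'endstream'. A direct /Length is trusted
    because binary stream data may itself contain newlines or the word endstream."""
    kw = re.search(rb"stream\r?\n", obj)
    if not kw:
        raise ValueError("no stream keyword found")
    m = LENGTH_RE.search(obj)
    if m:
        return obj[kw.end():kw.end() + int(m.group(1))]
    end = obj.find(b"endstream", kw.end())
    if end < 0:
        raise ValueError("no endstream keyword found")
    return obj[kw.end():end].rstrip(b"\r\n")   # fallback: drop the EOL before endstream


def decode_stream(obj: bytes) -> bytes:
    """Strip every listed filter, first-listed first, and return the plain data."""
    data = extract_stream_data(obj)
    for name in parse_filters(obj):
        if name not in FILTERS:
            raise ValueError("unsupported or unknown filter /" + name)
        data = FILTERS[name](data)
    return data


def build_sample_object(payload: bytes, chain: list) -> bytes:
    """Constructed test input: encode payload so that decoding needs `chain`
    in order. Encoding walks the chain backwards (innermost filter first)."""
    encoders = {
        "FlateDecode": zlib.compress,
        "ASCIIHexDecode": lambda b: binascii.hexlify(b) + b">",
        "ASCII85Decode": lambda b: base64.a85encode(b, adobe=True),
    }
    data = payload
    for name in reversed(chain):
        data = encoders[name](data)
    names = b" ".join(b"/" + n.encode() for n in chain)
    return (b"5 0 obj\n<< /Length " + str(len(data)).encode() +
            b" /Filter [" + names + b"] >>\nstream\n" + data + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    script = b"app.alert('payload hidden under two filters');"   # constructed payload
    obj = build_sample_object(script, ["ASCIIHexDecode", "FlateDecode"])
    print(parse_filters(obj), decode_stream(obj))
```

Two things worth noticing when running it: the /Filter array is an ordered list, so [/ASCIIHexDecode /FlateDecode] means "un-hex first, then inflate", and a sample that uses the abbreviated names /AHx /Fl decodes identically, which is exactly why a scanner that only matches the long names is easy to sidestep. A /Length given as an indirect reference (e.g. `6 0 R`) is deliberately ignored here and the fallback search for `endstream` is used instead; a full parser would resolve the reference.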

Continue Reading Journey to the Center of the PDF Stream

Persistent Domain-Renewal Scam Alive and Kicking

  • Post author: Omid Farhang
  • Post published: April 3, 2010
  • Reading Time: 1 min
  • Word Count: 141 words

A friend of mine forwarded a suspicious email message recently. I’ve replaced the domain, order number, etc. below: I validated for my friend that the email was bogus. The domain was not held by Domain Registry of America (DROA), and never had been. The domain was not expiring in the next 90 days. Later he received a follow-up email: The scam attempts to get domain holders to transfer service and pay accordingly. It seems this scam has been around for at least eight years, though it has morphed over time. Apparently the DROA has chosen to test the 2003 judgment by the Federal Trade Commission (http://www.ftc.gov/opa/2003/12/domainreg.shtm). One thing of interest here is the two-stage approach: the first message requires no action by the recipient, but the second message tells the user to obtain and hand over the keys to the castle. ...

Continue Reading Persistent Domain-Renewal Scam Alive and Kicking