The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Week Ending: Friday, June 19, 2009
Infrastructure Report for 15 June 2009
Watch out for Keykeriki. It captures wireless keyboard strokes!
38. June 11, VNUNet.com – (International) Symantec warns of wireless keyboard security threat. Security firm Symantec has uncovered a new form of attack aimed at users of wireless keyboards. The warning follows the release of Keykeriki, an open-source “sniffer” project that allows users to remotely decode wireless transmissions. Symantec said that this effectively creates a new type of key-logger that could be used by cybercriminals to steal sensitive data such as user names, passwords and bank details. The project was created by a site called remote-exploit.org. “This open-source hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only),” the site notes. Symantec warned that, although the creator’s intentions appear honorable, making the software code and hardware schematics open to everyone means that criminals could use the software to eavesdrop on wireless keyboard inputs. The criminals would not have to install anything on the host system, but would simply have to be in range of the keyboard’s wireless signal. Symantec said that future wireless keyboards should introduce encrypted communication between the device and the receiver, and warned those working on office or public computers to resort to wired keyboards for the time being. Source: http://www.enterprise-security-today.com/story.xhtml?story_id=67095
Infrastructure Report for 16 June 2009
Phishing is likely to rise as “phishing toolkits” are on the rise!
39. June 14, ITWire.com – (International) Use of phishing toolkits on the rise. There has been a huge increase in the use of phishing toolkits, with 42 percent of phishing URLs recently generated using the toolkits, and the emergence of a new trend of phishing attacks towards the popular social networking site, Facebook. Symantec, in its June phishing report, says it observed an increase in URLs using phishing toolkits during May of 100 percent over the previous month, with a 14 percent decrease in non-English phishing sites compared to February. The security firm also reports that during May, more than 98 Web hosting services were used, which accounted for six percent of all phishing attacks, which was a decrease of five percent from the previous month. According to the executive editor of security response at Symantec, Symantec observed that 58 percent of all attacks were from unique phishing Web sites, which included more than 206 targeted known brands. “The unique attacks decreased by nine percent from the previous month. This was the result of a sharp increase in toolkit activity as the trending of the two is usually inversely correlated.” In relation to the use of toolkits, Symantec says that there was a sudden increase in toolkit attacks during the first week of May, primarily targeting the information services and financial sectors, due primarily to the resurgence in phishers targeting Facebook. Source: http://www.itwire.com/content/view/25643/53/
Infrastructure Report for 17 June 2009
Java flaws patched. Have you posted yours?
31. June 16, Washington Post – (International) Apple patches Java flaws, at last. Apple on June 15 shipped updates to plug more than two dozen security holes in its version of Java, including a particularly dangerous flaw that Java maker Sun patched back in early December. In May, Security Fix and others took Apple to task for taking too long to fix Java vulnerabilities. In fact, Apple patches Java flaws on average about six months after Sun had shipped its own updates to fix the same vulnerabilities. At least two different researchers even released proof-of-concept exploits to shame Apple into quickly fixing an easy-to-exploit vulnerability that potential attackers had known about for six months. This Java update appears to address most of the outstanding Java vulnerabilities. From looking at the common vulnerabilities and exposures (CVE) numbers attached to each of the flaws fixed by Apple’s Java rollup, it looks like this update brings Mac OS X systems to the equivalent of Java 6 Update 13 (Sun recently released Update 14, but there do not appear to be any security related fixes in that bundle). Source: http://voices.washingtonpost.com/securityfix/2009/06/apple_patches_java_flaws_at_la.html?wprss=securityfix
Infrastructure Report for 18 June 2009
Sophisticated online crime rings are getting a foothold!
34. June 16, San Francisco Chronicle – (International) Sophisticated online crime ring detected. Security researchers have uncovered a sophisticated online network for buying and selling access to infected PCs, raising concerns that businesses, governments and even home computer users are growing ever more vulnerable to cybercrime. Called GoldenCashWorld, the network acts as a one-stop shop for people who seek to acquire, sell or trade infected computers and Web sites. Infected PCs can be used to send spam or collect documents and personal information or inject new Web sites with malicious code that can in turn be passed on to fresh PCs. The network also includes tools for creating malicious code and stolen credentials for about 100,000 Web sites. Although it appears to be in Russia, about 40 percent of the computers compromised through the network belong to individuals or companies in the United States. “This is the most advanced network we have found,” said the chief technology officer of Finjan, a venture-funded security company based in San Jose that found the network two months ago. “They are trying to combine all the elements together and enable more people to participate in this crime.” Other security researchers said that they were not surprised by Finjan’s discovery, which the company announced on June 16. Source: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/06/16/BUK618882A.DTL
Infrastructure Report for 19 June 2009
Have you seen any signs of the worm W32.SafeSys? It is very stealthy.
36. June 18, Spamfighter.com – (International) BKIS – Deep Freeze application fails to detect new Chinese worm. Security researchers at Bach Khoa International Security (BKIS) have warned computer users about a new worm called W32.SafeSys.Worm that has the ability to bypass security applications such as Deep Freeze. The worm was first detected in early March 2009, and since then, around 174 new variants of this Chinese-born virus have been discovered on the Internet. Faronics developed the Deep Freeze application to help administrators restore their systems after they have been used by unauthorized parties. Cybercafes, school computer labs and libraries are increasingly using this application to protect their systems from hackers’ attacks. Deep Freeze’s prime function is to monitor changes to sectors (the data storage areas) within hard disk partitions and save the changes in another area (a buffer). When a normal program retrieves any one of these sectors, it collects data from the buffer sector instead of the original sectors. When the system reboots, the temporary data saved in the buffer is deleted and the system is restored to its previous state. Hence, online shops often believe that their systems are safe from virus attacks because they have installed the Deep Freeze application. However, W32.SafeSys.Worm utilizes a new technique in which it writes directly to sectors of the hard disk by requesting a direct link with the disk controller. Interestingly, while writing to the hard disk, the worm leaves no scope for its identification by frozen-system programs such as Deep Freeze. It has been found that online shops that depend solely on the abovementioned software and do not have other protections installed fall to W32.SafeSys.Worm. As per the figures given by BKIS, nearly 45,000 computers across Vietnam have been discovered with this virus.
Source: http://www.spamfighter.com/News-12578-BKIS-%E2%80%93-Deep-Freeze-Application-Fails-to-Detect-New-Chinese-Worm.htm
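As an added illustration (not from the article, BKIS or Faronics), a toy Python model of the reboot-to-restore mechanism described above: filtered writes go to a scratch buffer that a reboot discards, while a write that bypasses the filter changes the underlying image. A SHA-256 baseline of the underlying sectors, taken while the system is in its frozen state and compared after each reboot, flags exactly those changes; the FrozenDisk class, sector count and sample writes are constructed for this demonstration and do not reproduce Deep Freeze's real design.

```python
import hashlib

SECTOR = 512  # bytes per sector in this toy model


class FrozenDisk:
    """Toy reboot-to-restore filter (constructed, not Deep Freeze's design):
    filtered writes land in a scratch buffer, reads prefer that buffer,
    and a reboot discards it, leaving the underlying image untouched."""

    def __init__(self, n_sectors):
        self.base = [bytes(SECTOR) for _ in range(n_sectors)]  # frozen image
        self.buffer = {}  # sector index -> redirected contents

    def write(self, idx, data):  # a normal write: redirected into the buffer
        self.buffer[idx] = data.ljust(SECTOR, b"\0")[:SECTOR]

    def read(self, idx):  # reads see the buffered copy if one exists
        return self.buffer.get(idx, self.base[idx])

    def reboot(self):  # restore: discard everything the filter redirected
        self.buffer.clear()

    def raw_write(self, idx, data):
        # Models a write that never passes through the filter and so lands in
        # the underlying image: the failure mode the article describes.
        self.base[idx] = data.ljust(SECTOR, b"\0")[:SECTOR]


def baseline(disk):
    """Hash every underlying sector while the system is in its known-good state."""
    return [hashlib.sha256(s).hexdigest() for s in disk.base]


def verify(disk, expected):
    """Indices of underlying sectors that no longer match the baseline. Assumes
    the checker reads beneath the filter, e.g. booted from separate media."""
    return [i for i, (s, h) in enumerate(zip(disk.base, expected))
            if hashlib.sha256(s).hexdigest() != h]


def demo():
    disk = FrozenDisk(8)
    good = baseline(disk)
    disk.write(3, b"session scratch data")   # constructed sample write
    disk.reboot()
    after_filtered = verify(disk, good)      # [] : the change was discarded
    disk.raw_write(5, b"unfiltered change")  # constructed sample write
    disk.reboot()
    after_raw = verify(disk, good)           # [5] : survived the reboot, flagged
    return after_filtered, after_raw
```

The point for operators is the one the article makes: a restore-on-reboot filter only undoes what passed through it, so an independent integrity check of the underlying sectors is what reveals a change that went around it.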
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: http://dhs-daily-report.blogspot.com/