The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Week Ending: Friday, August 7, 2009
Infrastructure Report for 3 August 2009
So you like, use or manage Apple Mac computers. Then, you should be aware of the following!
38. July 31, SmartCompany.com – (International) Apple computers vulnerable to new cyber attacks, expert warns. Apple Mac computers are not foolproof and can be manipulated by hackers despite their virus-free reputation, a security expert has warned at a conference in Las Vegas. A Mac researcher said at the Black Hat security conference, which is one of the top conferences in the industry, that while Mac viruses remain rare they will become more popular as Apple gains market share. The researcher demonstrated a type of software that is designed to run on certain systems to steal information or control a computer. The “Machiavelli” technique effectively took advantage of vulnerabilities in Apple’s software that many users ignore, as the Mac computer is often marketed by Apple as hardware that does not attract viruses. “There is no magic fairy dust protecting Macs,” he told The Age. The researcher, who co-wrote “The Mac Hacker’s Handbook” with another computer researcher, pointed to research that shows Apple held 9 percent of the computer market in the second quarter of the year. The two also said that because the Mac software holds more code than Microsoft’s Windows operating system, there are more opportunities for hackers to take advantage of the software. Source: http://www.smartcompany.com.au/information-technology/20090731-apple-computers-vulnerable-to-new-cyber-attacks-expert-warns.html
Infrastructure Report for 4 August 2009
Is there possible civilian harm in cyberwarfare? Could it impact your business?
4. August 1, New York Times – (National) U.S. weighs risks of civilian harm in cyberwarfare. Fears of collateral damage are at the heart of the debate as the Presidential Administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace. While the former Administration seriously studied computer-network attacks, the current Administration is the first to elevate cybersecurity — both defending American computer networks and attacking those of adversaries — to the level of a White House director, whose appointment is expected in coming weeks. But senior White House officials remain so concerned about the risks of unintended harm to civilians and damage to civilian infrastructure in an attack on computer networks that they decline any official comment on the topic. And senior Defense Department officials and military officers directly involved in planning for the Pentagon’s new “cybercommand” acknowledge that the risk of collateral damage is one of their chief concerns. “We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer. Source: http://news.cnet.com/U.S.-weighs-risks-of-civilian-harm-in-cyberwarfare/2100-7348_3-6249945.html
Infrastructure Report for 5 August 2009
While this is good news, it isn’t time yet to allow Twitter into the office!
41. August 3, The Register – (International) Twitter starts filtering links to malware sites. Micro-blogging site Twitter has begun filtering links to known malware sites. The tactic, noticed by security researchers on August 3 but yet to be officially announced by Twitter, is designed to prevent surfers straying onto sites packed with dangerous exploits. Adoption of the approach follows the increased targeting of Twitter by worms, spam and account hijacking attacks over recent weeks. The widespread use of URL shortening in Twitter messages (which can be no longer than 140 characters) makes it easy to hide the true destination of links. A blog posting by an individual of F-Secure explains how surfers are served up a warning message when they attempt to follow a link from Twitter towards a known bad site. A security researcher at Kaspersky Lab adds that Twitter appears to be using Google’s Safe Browsing API. “It won’t catch everything but is definitively a step forward,” he adds. Source: http://www.theregister.co.uk/2009/08/03/twitter_applies_malware_filter/
Infrastructure Report for 6 August 2009
Is your support desk aware of this issue? If no, perhaps they should be!
31. August 4, The Register – (International) Scareware package mimics Windows Blue Screen of Death. Miscreants have developed a scareware package that mimics Windows’ infamous Blue Screen of Death. Prospective marks are presented with a seemingly crashed system, along with a text warning that they need to buy “security software” to clean up their systems. But the SystemSecurity rogue package on offer has no utility other than scamming people out of their money. Variants of SystemSecurity have been around since at least February 2009. However, the Blue Screen of Death trick is a new social engineering innovation, only spotted in variants of the attack last week by anti-spyware firm Sunbelt Software. SystemSecurity usually makes its way onto compromised Windows PCs via fake video codec installations. Users normally install the bogus code (actually a Trojan horse malware) after following links in spam emails ostensibly inviting them to view video clips. Source: http://www.theregister.co.uk/2009/08/04/bsod_scareware/
Infrastructure Report for 7 August 2009
Be careful. Some anti-virus products for Vista don’t cut the mustard!
37. August 6, The Register – (International) Top vendors flunk Vista anti-virus tests. Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests. Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 certification standard. The main faults were either a failure to detect a threat known to be in circulation (one particularly tricky polymorphic file infector caused the most grief in this area) or creating a false alarm about a file known to be benign. Virus Bulletin’s VB100 tests benchmark the performance of a vendor-submitted anti-virus product against a set of malware from the WildList, a list of viruses known to be circulating. To gain VB100 certification, a security product must correctly detect all of these malware strains without blowing the whistle when scanning a batch of clean files. Vendors only get one run at passing the tests, which are conducted free of charge to security software manufacturers. Most, but not all, of the main vendors submit products for testing. Trend Micro - which has expressed reservations about Virus Bulletin’s testing methodology - is a notable dissident. The anti-malware test director at Virus Bulletin said its biggest problems in running its most recent tests were crashes and system slowdowns. “Many of the products in this test did prove stable, speedy and well behaved, but many others had issues far too serious to be classed as mere quirks and oddities,” he said. “We experienced a large number of freezes, crashes and hangs, not just of the product interfaces or of specific scans but in many cases seeing the whole machine shutting down.” Virus Bulletin recently began assessing the reactive and proactive detection abilities of anti-virus products alongside the long-established VB100 tests. The new tests are a reflection that the malware landscape has changed radically over recent years, with greater malware volumes and targeted attacks. Source: http://www.theregister.co.uk/2009/08/06/vista_anti_virus_tests/
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: http://dhs-daily-report.blogspot.com/





















