The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Week Ending: Friday, August 14, 2009
Infrastructure Report for 10 August 2009
Now Twitter. What is next?
34. August 6, Associated Press – (National) Hackers attack Twitter, Facebook also slows down. Hackers on August 6 shut down the fast-growing messaging service Twitter for hours, while Facebook experienced intermittent access problems. Twitter said it suffered a denial-of-service attack, in which hackers command scores of computers toward a single site at the same time, preventing legitimate traffic from getting through. The attacks may have been related to the ongoing political conflict between Russia and Georgia. They started with hackers using a botnet to send a flurry of spam e-mail messages that contained links to pages on Twitter, Facebook and other sites written by a single pro-Abkhazia activist, according to a research director of the San Francisco-based Packet Clearing House, a nonprofit that tracks Internet traffic. When people clicked on the links, they were taken to the activist’s legitimate Web pages, but the process of loading the pages at such volumes overwhelmed some servers and disrupted service, he said. He said it is hard to immediately tell whether it was a case of hackers trying to punish the sites for publishing views they disagree with, or if they were directing traffic to the sites out of sympathy for the activist’s message. The fact that a relatively common attack could disable such a well-known Web site shows just how young and vulnerable Twitter still is, even as it quickly becomes a household name used by celebrities, large corporations, small businesses and even protesters in Iran. Source: http://www.google.com/hostednews/ap/article/ALeqM5h4neQXU7Si64Fm2N7s4bOwU7soTQD99TO8500
Infrastructure Report for 11 August 2009
Is there a postcard in your In Box?
32. August 10, Spamfighter News – (National) New study finds computer virus ‘Zeus Bot’ in Internet postcards. The director of computer forensics at the University of Alabama at Birmingham (UK) said bogus postcards circulating on the Internet to reach people’s inboxes globally contain links that lead to the PC virus Zeus Bot. The director said the e-mails are typically designed, and their subject lines worded, to suggest that they have been sent from the 1001 Postcards website. He also said the phony postcards direct recipients to follow a link to view the postcard’s contents; however, the moment the link is clicked, the Zeus Bot virus unleashes itself on the user’s PC. Thereafter, once infection sets in, the malware enables cyber criminals to intercept banking passwords along with account numbers, e-mail and other sensitive account details of users. Furthermore, the director stated that cyber criminals in the current incident were using the Russian-language software for Zeus Bot and were utilizing postcards like never before to download and install the virus program on the computers of unwitting users. With the virus settled on a PC, the computer is conveniently added to the Zeus botnet and the malware steals all data that the victim enters into a website. By utilizing an image user interface, the virus monitors the infected systems across the globe, while its tools let crooks choose stolen bank accounts according to their priority for attack. Source: http://www.spamfighter.com/News-12877-New-Study-Finds-Computer-Virus-Zeus-Bot-in-Internet-Postcards.htm
Infrastructure Report for 12 August 2009
Are you vulnerable?
37. August 11, Periscope IT – (International) Storage reliability questioned after high profile outages. The reliability of data storage facilities and managed hosting services has been brought into question following a series of high-profile internet outages, it has been claimed. According to Computer World, downtime experienced by Equinix and Primus has raised doubts about both the security and the reliability of such facilities and their website monitoring services. Internet service provider Primus, which is based in Australia, suffered several hours of downtime as a result of a sub-station fault which prevented a back-up generator from starting. The outage followed hot on the heels of data storage provider Equinix’s Sydney operation going down. The managing director of earthwave told the news provider that such outages highlight the need for regular testing and website monitoring. “It shows they don’t have the right test procedures and have not validated their infrastructure to work in the event of a disaster,” he added. Recently, a denial of service attack brought down social networking website Twitter. It is believed that similar attacks were levelled at Facebook and LiveJournal at the same time. Source: http://www.periscopeit.co.uk/website-monitoring-news/article/storage-reliability-questioned-after-high-profile-outages/483
Infrastructure Report for 13 August 2009
Surely you have applied the latest set of Microsoft patches!
37. August 11, PC World – (International) ActiveX overhaul in Microsoft patch batch. Microsoft’s nine security bulletins released Tuesday close a range of security holes involving ActiveX controls, Windows Media files and other software that affect the full array of Windows versions. A fix for a serious flaw in the Microsoft Office Web components, disclosed in July, patches an ActiveX problem that allows for a drive-by-download attack against Internet Explorer users. As per usual, a user will get all these fixes by running Automatic Updates or manually running Microsoft Update. Doing so will also nab this month’s collection of less serious fixes. Attacks against these important-rated holes could result in denial-of-service, privilege escalation and/or login credential theft – nothing a user would want to deal with, but less dangerous than the critical risks that could by themselves allow for malware installation and the like. Source: http://www.pcworld.com/article/170025/activex_overhaul_in_microsoft_patch_batch.html
Infrastructure Report for 14 August 2009
Are we prepared for the attacks that appear to be likely in the future?
41. August 13, The Register – (International) Virus arms race primes malware numbers surge. Half (52 percent) of new malware strains only stick around for 24 hours or less. The prevalence of short-lived variants reflects a tactic by miscreants aimed at overloading security firms so that more damaging strains of malware remain undetected for longer, according to a study by Panda Security. The security firm, based in Bilbao, Spain, detects an average of 37,000 new viruses, worms, Trojans and other security threats per day. On average, around 19,240 of these spread and try to infect users for just 24 hours, after which they become inactive as they are replaced by other, new variants. Virus writers — increasingly motivated by profit — try to ensure their creations go unnoticed by users and stay under the radar of security firms. It has now become common practice for VXers to review detection rates and modify viral code after 24 hours. The practice goes some way towards explaining the growing malware production rate. The amount of malware catalogued by Panda was 18 million in the 20 years from the firm’s foundation until the end of 2008. This figure increased 60 percent in just seven months to reach 30 million by 31 July 2009. Source: http://www.theregister.co.uk/2009/08/13/malware_arms_race/
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: