Weekly Summary of the "DHS Daily Open Source Infrastructure Report"


07-06-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered.  This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, July 3, 2009


Were the computers you are responsible for among those so infected?

27. June 26, SoftPedia - (International) Over 2.7 billion vulnerable programs installed on U.S. computers. Reputed Danish vulnerability intelligence provider Secunia has recently released version 1.5 of its free Personal Software Inspector (PSI) application. Statistics gathered by the software reveal frightening numbers, such as 2,720,800,000 vulnerable programs being installed on U.S. computers. Secunia PSI is a free application that scans the programs installed on a computer in order to determine if they are affected by any security vulnerabilities. In order to make this assessment, PSI queries the company's database of security advisories, one of the most complete in the world. If an application is found to be vulnerable, PSI verifies whether any update or newer version that might fix the issue is available and provides the user with a direct download link to it. The tool also tags programs that have reached their end of life and are no longer supported by their developers as a security risk. According to Secunia, there is an estimated number of 227 million Internet users in the United States, out of which about 400,000 have scanned their computers with PSI. The company notes that PSI users currently have an average of four unpatched programs installed, while the average U.S. Internet user has 12 such applications on their computer. “The fact that US based PC users have more than 2.7 billion vulnerable programs installed is shocking! And quite frankly I am very surprised; we had an idea it would be bad, but couldn't imagine the enormous scope of this problem. And to make things even worse, the picture formed in the US is the same all over the world,” the manager of Secunia's PSI Partner Program noted. Secunia's statistics seem to be consistent with the malware distribution trends observed in recent times. Cyber-criminals have come to rely more and more on vulnerabilities in order to infect computers - and not just the ones affecting the Windows operating system itself, but other popular programs as well, such as Adobe Flash Player, Adobe Reader, Mozilla Firefox, Opera, Internet Explorer, PowerPoint, Word, and so on. Source: http://news.softpedia.com/news/Over-...s-115129.shtml


Are you prepared to host a botnet?

31. June 26, PC World - (International) Security experts visualize botnets with an eye toward defense. Not all botnets are organized in the same way. That is the conclusion of a report from Damballa which seeks to categorize the dominant structures. It attempts to explain why certain types of blocking and filtering will work against some botnets, and not for others. “The ‘hybrid’ threat banner is often cast about,” says the vice president of Research at Damballa, an enterprise security company specializing in botnet mitigation, “But that label means nothing to teams tasked with defending the enterprise. By explaining the topologies (and their strengths and weaknesses) these teams can better visualize the threat.” The Star structure is the most basic and offers individual bots direct communication with the Command and Control (CnC) server. It can be visualized in a star-like pattern. However, by providing direct communications with one CnC server the botnet creates a single point of failure. Take out the CnC server and the botnet expires. The vice president says the Zeus DIY botnet kit, out of the box, is a star pattern, but that botmasters often upgrade, making it multi-server. “In most cases, particular botnets can be classed as a member of just one CnC topology - but it is often down to the botnet master which one they choose.” Multi-Server is the logical extension of the Star structure, using multiple CnC servers to feed instructions to the individual bots. This design, says the vice president, offers resiliency should any one CnC server go down. It also requires sophisticated planning in order to execute. Srizbi is a classic example of a multi-server CnC topology botnet. Source: http://www.pcworld.com/businesscente...d_defense.html


Can your firm be impacted by a similar failure?

30. June 30, National Business Review - (International) Xero taken offline by massive U.S. data center failure. One of the drawbacks of cloud computing was dramatically illustrated on June 30 as Rackspace, one of the world's largest Web hosts, went offline for 45 minutes. New Zealand's Xero was one of many SaaS (software-as-a-service) providers knocked out by the failure, with glitches continuing for hours. The accounting software provider went offline around 8:30 a.m. as Rackspace, which hosts all of Xero's data, was hit by a still-unexplained, catastrophic failure. All Xero servers were back up and running by 9:10 a.m., the chief operations officer told NBR. Some customers were still reporting problems logging on through the morning and early afternoon, as recorded on Xero's blog. The chief operations officer says these were cookie and DNS (domain name server) issues, which were resolved by asking customers to restart. The fault was caused by a power failure at the U.S. company's giant data center in Dallas. But with Rackspace maintaining server farms around nine locations in the United States, United Kingdom, and Hong Kong, it is not clear why a failure at one facility took its systems completely offline. The power fault also took out Rackspace's own Web site and help center, adding to the confusion. It was left to the company's Twitter account to relay the disaster to the outside world. When Rackspace came back online, it was running on a mix of utility and backup power, the chief operations officer notes. He speculates that “there must have been some pretty significant component failure possibly at the point where maintenance work was being done.” He said the company could look at a second cloud host. Rackspace hosts sites and services for more than 62,000 companies. Source: http://www.nbr.co.nz/article/xero-ta...failure-104349


Beware of the Zeus Trojan variant!

38. June 30, InformationWeek - (International) Zeus Trojan variant steals FTP login details. A new Trojan malware has been detected harvesting FTP account information from compromised computers. The number of affected accounts identified by Prevx, a maker of computer security software, rose from 66,000 on June 24 to 74,000 two days later. According to the director of research at Prevx, the Trojan is highly infectious. “We rate this infection as critical,” he said in a blog post on June 28. “The infection has a ‘China Syndrome’ potential. It includes a cyclic infection which leverages infected PCs to programmatically modify hi-volume Web sites to infect additional users who become part of the cycle. More users leads to more discovery of Web site admin credentials which in turn leads to more Web sites being modified to serve the infection which leads to more infected users.” The malware infects visitors to compromised Web sites using malicious JavaScript code. The malicious script redirects visitors to Web sites hosting exploit kits, which test visitors' computers to find vulnerabilities in installed operating systems and applications to exploit. If a vulnerability is found and successfully exploited, malware is installed, a variant of the Zeus family. It scans compromised machines for FTP credentials and then posts those credentials to a Web server in the Cayman Islands. It also enlists the victim's computer to further spread the infection. Source: http://www.informationweek.com/news/...leID=218102149


July 3rd, 2009 was a U.S. holiday for Independence Day.  Thus, no report was prepared.

Note:  The DHS only maintains the last ten days of their reports online.  To obtain copies of earlier reports or complete summaries, go to:


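The Prevx item above describes stolen FTP credentials being used to modify high-traffic pages so that they redirect visitors to exploit kits. What follows is an added example, not code from the DHS report or from the original post: a POSIX shell baseline integrity check for a web root that lists every changed or new file and flags those that now carry an external script tag or an iframe. The two sample pages, the temporary paths and the injected example.invalid URL are constructed for the demo; sha256sum from GNU coreutils is assumed to be available.

```shell
#!/bin/sh
# Added example, not part of the DHS report or the forum post: a baseline
# integrity check for a web root, aimed at the "programmatically modified"
# pages the Prevx item describes. Requires sha256sum (GNU coreutils).
# All sample pages, paths and the example.invalid URL are constructed.

# build_baseline DIR OUTFILE: record "sha256  ./path" for every file under DIR.
# Run this once from a known-clean deployment and keep OUTFILE off the web host,
# since an attacker holding the FTP credentials could otherwise rewrite it too.
build_baseline() {
    (cd "$1" && find . -type f | LC_ALL=C sort | xargs sha256sum) > "$2"
}

# check_webroot DIR BASELINE: print one line per modified or new file,
# tagged INJECTED when it now contains an external <script src=...> or an
# <iframe>, otherwise CHANGED. Returns 1 if anything changed, 0 if clean.
# (Deleted files are not reported; filenames with whitespace are not handled.)
check_webroot() {
    dir=$1; baseline=$2; rc=0
    cur=$(mktemp)
    build_baseline "$dir" "$cur"
    # lines in the current listing that are absent from the baseline are
    # files whose hash changed, or files that did not exist at baseline time
    for f in $(grep -vxF -f "$baseline" "$cur" | awk '{print $2}'); do
        rc=1
        if grep -Eiq '<(script[^>]*src=["'"'"']?https?://|iframe)' "$dir/$f"; then
            echo "INJECTED $f"
        else
            echo "CHANGED $f"
        fi
    done
    rm -f "$cur"
    return $rc
}

# demo: build a two-page site, baseline it, simulate the attacker appending
# a redirect script to the busiest page, then run the check.
demo() {
    root=$(mktemp -d)
    printf '<html><body>hello</body></html>\n' > "$root/index.html"
    printf '<html><body>about</body></html>\n' > "$root/about.html"
    build_baseline "$root" "$root.baseline"
    # constructed attacker modification: external script appended to index.html
    printf '<script src="http://example.invalid/x.js"></script>\n' >> "$root/index.html"
    if check_webroot "$root" "$root.baseline"; then status=0; else status=1; fi
    rm -rf "$root" "$root.baseline"
    return $status
}
```

In practice build_baseline is run at deploy time, check_webroot from cron, and the nonzero exit used to raise an alert; the grep pattern only catches the crude appended-tag case the article describes, so any CHANGED line still deserves a manual diff.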
 
