
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"


 
08-08-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, August 7, 2009


So you like, use or manage Apple Mac computers. Then, you should be aware of the following!

38. July 31, SmartCompany.com - (International) Apple computers vulnerable to new cyber attacks, expert warns. Apple Mac computers are not foolproof and can be manipulated by hackers despite their virus-free reputation, a security expert has warned at a conference in Las Vegas. A Mac researcher said at the Black Hat security conference, which is one of the top conferences in the industry, that while Mac viruses remain rare they will become more popular as Apple gains market share. The researcher demonstrated a type of software that is designed to run on certain systems to steal information or control a computer. The “Machiavelli” technique effectively took advantage of vulnerabilities in Apple's software that many users ignore, as the Mac computer is often marketed by Apple as hardware that does not attract viruses. “There is no magic fairy dust protecting Macs,” he told The Age. The researcher, who co-wrote “The Mac Hacker's Handbook” with another computer researcher, pointed to research that shows Apple held 9 percent of the computer market in the second quarter of the year. The two also said that because the Mac software holds more code than Microsoft's Windows operating system, there are more opportunities for hackers to take advantage of the software. Source: http://www.smartcompany.com.au/infor...ert-warns.html


Is there possible civilian harm in cyberwarfare? Could it impact your business?

4. August 1, New York Times - (National) U.S. weighs risks of civilian harm in cyberwarfare. Fears of collateral damage are at the heart of the debate as the Presidential Administration and its Pentagon leadership struggle to develop rules and tactics for carrying out attacks in cyberspace. While the former Administration seriously studied computer-network attacks, the current Administration is the first to elevate cybersecurity - both defending American computer networks and attacking those of adversaries - to the level of a White House director, whose appointment is expected in coming weeks. But senior White House officials remain so concerned about the risks of unintended harm to civilians and damage to civilian infrastructure in an attack on computer networks that they decline any official comment on the topic. And senior Defense Department officials and military officers directly involved in planning for the Pentagon's new “cybercommand” acknowledge that the risk of collateral damage is one of their chief concerns. “We are deeply concerned about the second- and third-order effects of certain types of computer network operations, as well as about laws of war that require attacks be proportional to the threat,” said one senior officer. Source: http://news.cnet.com/U.S.-weighs-ris...3-6249945.html


While this is good news, it isn't time yet to allow Twitter into the office!

41. August 3, The Register - (International) Twitter starts filtering links to malware sites. Micro-blogging site Twitter has begun filtering links to known malware sites. The tactic, noticed by security researchers on August 3 but yet to be officially announced by Twitter, is designed to prevent surfers straying onto sites packed with dangerous exploits. Adoption of the approach follows the increased targeting of Twitter by worms, spam and account hijacking attacks over recent weeks. The widespread use of URL shortening in Twitter messages (which can be no longer than 140 characters) makes it easy to hide the true destination of links. A blog posting by an individual of F-Secure explains how surfers are served up a warning message when they attempt to follow a link from Twitter towards a known bad site. A security researcher at Kaspersky Lab adds that Twitter appears to be using Google's Safe Browsing API. “It won't catch everything but is definitively a step forward,” he adds. Source: http://www.theregister.co.uk/2009/08...alware_filter/


Is your support desk aware of this issue? If no, perhaps they should be!

31. August 4, The Register - (International) Scareware package mimics Windows Blue Screen of Death. Miscreants have developed a scareware package that mimics Windows' infamous Blue Screen of Death. Prospective marks are presented with a seemingly crashed system, along with a text warning that they need to buy “security software” to clean up their systems. But the SystemSecurity rogue package on offer has no utility other than scamming people out of their money. Variants of SystemSecurity have been around since at least February 2009. However, the Blue Screen of Death trick is a new social engineering innovation, only spotted in variants of the attack last week by anti-spyware firm Sunbelt Software. SystemSecurity usually makes its way onto compromised Windows PCs via fake video codec installations. Users normally install the bogus code (actually a Trojan horse malware) after following links in spam emails ostensibly inviting them to view video clips. Source: http://www.theregister.co.uk/2009/08/04/bsod_scareware/


Be careful.  Some anti-virus products for Vista don't cut the mustard!

37. August 6, The Register - (International) Top vendors flunk Vista anti-virus tests. Security vendors including CA and Symantec failed to secure Windows systems without fault in recent independent tests. Twelve of the 35 anti-virus products put through their paces by independent security certification body Virus Bulletin failed to make the grade for one reason or another and therefore failed to achieve the VB100 certification standard. The main faults were either a failure to detect a threat known to be in circulation (one particularly tricky polymorphic file infector caused the most grief in this area) or creating a false alarm about a file known to be benign. Virus Bulletin's VB100 tests benchmark the performance of a vendor submitted anti-virus product against a set of malware from the WildList, a list of viruses known to be circulating. To gain VB100 certification, a security product must correctly detect all of these malware strains without blowing the whistle when scanning a batch of clean files. Vendors only get one run at passing the tests, which are conducted free of charge to security software manufacturers. Most, but not all, of the main vendors submit products for testing. Trend Micro - which has expressed reservations about Virus Bulletin's testing methodology - is a notable dissident. The anti-malware test director at Virus Bulletin said its biggest problem in running its most recent tests were crashes and system slowdowns. “Many of the products in this test did prove stable, speedy and well behaved, but many others had issues far too serious to be classed as mere quirks and oddities,” he said. “We experienced a large number of freezes, crashes and hangs, not just of the product interfaces or of specific scans but in many cases seeing the whole machine shutting down.” Virus Bulletin recently began assessing the reactive and proactive detection abilities of anti-virus products alongside the long-established VB100 tests. The new tests are a reflection that the malware landscape has changed radically over recent years, with greater malware volumes and targeted attacks. Source: http://www.theregister.co.uk/2009/08...i_virus_tests/

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:


 
