
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

Old 08-15-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, August 14, 2009


Now Twitter. What is next?

34. August 6, Associated Press - (National) Hackers attack Twitter, Facebook also slows down. Hackers on August 6 shut down the fast-growing messaging service Twitter for hours, while Facebook experienced intermittent access problems. Twitter said it suffered a denial-of-service attack, in which hackers command scores of computers toward a single site at the same time, preventing legitimate traffic from getting through. The attacks may have been related to the ongoing political conflict between Russia and Georgia. They started with hackers using a botnet to send a flurry of spam e-mail messages that contained links to pages on Twitter, Facebook and other sites written by a single pro-Abkhazia activist, according to a research director of the San Francisco-based Packet Clearing House, a nonprofit that tracks Internet traffic. When people clicked on the links, they were taken to the activist's legitimate Web pages, but the process of loading the pages at such volumes overwhelmed some servers and disrupted service, he said. He said it is hard to immediately tell whether it was a case of hackers trying to punish the sites for publishing views they disagree with, or if they were directing traffic to the sites out of sympathy for the activist's message. The fact that a relatively common attack could disable such a well-known Web site shows just how young and vulnerable Twitter still is, even as it quickly becomes a household name used by celebrities, large corporations, small businesses and even protesters in Iran. Source: http://www.google.com/hostednews/ap/...7soTQD99TO8500


Is there a postcard in your In Box? 

32. August 10, Spamfighter News - (National) New study finds computer virus ‘Zeus Bot’ in Internet postcards. The director of computer forensics at the University of Alabama at Birmingham (UK) said bogus postcards circulating on the Internet to reach people's inboxes globally contain links that lead to the PC virus Zeus Bot. The director said the e-mails are typically designed and their subject lines suggest that they have been sent from the 1001 Postcards website. He also said the phony postcards direct recipients to follow a link to view its contents; however, the moment the click button is pressed, the Zeus Bot virus unleashes itself on the users' PCs. Thereafter when infection sets in, the malware enables cyber criminals to intercept banking passwords along with account numbers, and e-mail as well as other sensitive account details of users. Furthermore, the director stated that cyber criminals in the current incident were using the Russian language software for Zeus Bot and were utilizing postcards like never before to download and install the virus program on the computers of unwitting users. With the virus getting settled on a PC, the computer is conveniently added to the Zeus Botnet and the malware steals all data that the victim enters into a website. By utilizing an image user interface, the virus monitors the infected systems across the globe while its tools let crooks choose stolen accounts related to banks according to their priority for attack. Source: http://www.spamfighter.com/News-1287...-Postcards.htm


Are you vulnerable?

37. August 11, Periscope IT - (International) Storage reliability questioned after high profile outages. The reliability of data storage facilities and managed hosting services has been brought into question following a series of high-profile internet outages, it has been claimed. According to Computer World, downtime experienced by Equinix and Primus has raised doubts about both security and reliability of such facilities and their website monitoring services. Internet service provider Primus, which is based in Australia, suffered several hours of downtime as a result of a sub-station fault which prevented a back-up generator from starting. The outage followed hot on the heels of data storage provider Equinix's Sydney operation going down. The managing director of earthwave told the news provider that such outages highlight the need for regular testing and website monitoring. “It shows they don't have the right test procedures and have not validated their infrastructure to work in the event of a disaster,” he added. Recently, a denial of service attack brought down social networking website Twitter. It is believed that similar attacks were levelled at Facebook and LiveJournal at the same time. Source: http://www.periscopeit.co.uk/website...le-outages/483


Surely you have applied the latest set of Microsoft patches!

37. August 11, PC World - (International) ActiveX overhaul in Microsoft patch batch. Microsoft's nine security bulletins released Tuesday close a range of security holes involving ActiveX controls, Windows Media files and other software that affect the full array of Windows versions. A fix for a serious flaw in the Microsoft Office Web components, disclosed in July, patches an ActiveX problem that allows for a drive-by-download attack against Internet Explorer users. As per usual, a user will get all these fixes by running Automatic Updates or manually running Microsoft Update. Doing so will also nab this month's collection of less serious fixes. Attacks against these important-rated holes could result in denial-of-service, privilege escalation and/or login credential theft - nothing a user would want to deal with, but less dangerous than the critical risks that could by themselves allow for malware installation and the like. Source: http://www.pcworld.com/article/17002...tch_batch.html


Are we prepared for the attacks that appear to be likely in the future?

41. August 13, The Register - (International) Virus arms race primes malware numbers surge. Half (52 percent) of new malware strains only stick around for 24 hours or less. The prevalence of short lived variants reflects a tactic by miscreants aimed at overloading security firms so that more damaging strains of malware remain undetected for longer, according to a study by Panda Security. The security firm, based in Bilbao, Spain, detects an average of 37,000 new viruses, worms, Trojans and other security threats per day. Around an average of 19,240 spread and try to infect users for just 24 hours, after which they become inactive as they are replaced by other, new variants. Virus writers - increasingly motivated by profit - try to ensure their creations go unnoticed by users and stay under the radar of firms. It has now become common practice for VXers to review detection rates and modify viral code after 24 hours. The practice goes towards explaining the growing malware production rate. The amount of catalogued malware by Panda was 18 million in the 20 years from the firm's foundation until the end of 2008. This figure increased 60 percent in just seven months to reach 30 million by 31 July 2009. Source: http://www.theregister.co.uk/2009/08...are_arms_race/

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:

