
Weekly Summary of the "DHS Daily Open Source Infrastructure Report"

 
Old 09-12-2009

The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.

 

Week Ending:  Friday, September 11, 2009

 

Monday, September 7, 2009 was a holiday in the U.S., Labor Day. Thus, no report for that day.


Is there online malware on your computers?

38. September 3, eWeek - (International) Online malware - Compromised computers host an average of 3 malware families. According to security company ESET, the average compromised machine is home to 13 infected files as well as malicious programs from three different malware families. ESET based its findings on scans of more than a half-million PCs using the free online scanner on the company's Website. In their own way, the results may demonstrate the way attackers are working together to tag-team vulnerable users. According to ESET, the presence of multiple malware families is the result of the “pay per install” phenomenon, in which cyber-criminals are pushing out malware to computers under their control. “Multiple malware families do not have any propagation mechanism built into their code,” blogged an ESET senior researcher. “Instead, these pieces of malware are distributed and installed on computers by criminal gangs.” Some good examples of this are campaigns to push out rogue anti-virus programs, he continued. Those familiar with the Conficker worm will remember that earlier in 2009 Conficker infections were linked to the installation of the Waledac worm. Waledac in turn installed a bogus anti-virus program. ESET's findings also show that there is not always a one-to-one relationship between malware and infected files. Many files on an infected computer can be corrupted by the same piece of malware, the researcher wrote. “To sum up, we are seeing more malware per infected computer and also more malicious files on each of them. Our virus lab receives over 100,000 new pieces of malware every day. There are more malware authors than ever and their technologies are getting better to rapidly create new variants of malicious code.” Source: http://securitywatch.eweek.com/onlin..._families.html


DHS has its own information security problems!

42. September 4, Government Computer News - (National) DHS needs to plug some cybersecurity holes, audit finds. The Homeland Security Department should improve its cybersecurity programs for some major control systems, according to a new report from the DHS inspector general (IG). The control systems, which operate primarily in power plants, factories and utilities, are a vital part of the nation's critical infrastructure. In recent years control systems increasingly have become networked and linked with other information technology systems including the Internet. As a result, the control systems are vulnerable to cyber threats, the IG said. DHS' National Cyber Security Division (NCSD) has been coordinating public and private efforts for cybersecurity in control systems. It also conducts training. Although that division has made progress, there are still gaps in control system cybersecurity, according to the IG's report published September 1. The IG said the division needs to do more to encourage information sharing between the public and private sectors on needs, threats and vulnerabilities that affect control systems; conduct more vulnerability assessments on control systems; deploy better performance measures; and initiate an expanded program for education, training and awareness. “While progress has been made, the [NCSD] still faces difficult challenges in effectively reducing the cybersecurity risks to the nation's critical infrastructure,” he wrote. “Improvements are needed in NCSD's effort to protect and secure control systems that are essential to the nation's security and economy.” For example, more information sharing is needed, the report said. Some regulatory agencies expressed concern with the national cyber division's leadership role and were dissatisfied with the amount of information that was being shared. The agencies complained that they were not informed of the results of cyber control system vulnerability assessments, the IG said.
Source: http://gcn.com/articles/2009/09/04/d...s-ig-says.aspx

Infrastructure Report for 10 September 2009

Microsoft Windows BSOD risk!

36. September 8, AfterDawn - (International) Windows flaw spells BSOD risk to newer operating systems. Concept code has been published that takes advantage of an unpatched vulnerability in Microsoft's implementation of Server Message Block (SMB), which is a protocol used in File and Printer sharing over a network. Microsoft's Windows Vista, Windows Server 2008 and Windows 7 are all currently affected by the unpatched vulnerability, while Windows 2000 and Windows XP are not affected by it at all. The concept exploit uses the flaw to force a Windows machine into the infamous Blue Screen of Death (BSOD). According to security researchers at the Internet Storm Center (ISC), the problem is defeated by using basic firewall protection. “The exploit needs no authentication, only file sharing enabled with one packet to create a BSOD,” ISC researchers warn. “We recommend filtering access to port TCP 445 with a firewall.” Microsoft issued a number of security updates during the day to address some serious vulnerabilities in the Windows operating systems. The SRV2.SYS (SMB) file vulnerability that can cause a BSOD was not included, likely due to the timing of the exploit code's release, but Microsoft did reveal that it is investigating the issue. Source: http://www.afterdawn.com/news/archive/19275.cfm


Are you at risk as a result of the “latest” Microsoft Windows bug?

35. September 9, The Register - (International) Critical bug infests newer versions of Microsoft Windows. Microsoft has promised to patch a serious flaw in newer versions of its Windows operating system after hackers released exploit code that allows them to take complete control of the underlying machines. The flaw, which affects various versions of Windows Vista, 2008, and the release candidate version of Windows 7, resides in a network file sharing technology known as SMB2, or Server Message Block version 2. The bug, which fails to adequately parse network negotiation requests, was previously believed only to generate a debilitating blue screen of death, but on Tuesday, Microsoft confirmed in some cases it could also be used to remotely execute malicious code on vulnerable machines. The revelation shows that Microsoft's recent efforts to harden its software against attack only go so far. Despite building Windows Vista and 2008 from scratch and subjecting them to rigorous code reviews, the critical bug managed to escape notice. Even worse, security reviewers in Redmond managed to purge the bug from the final version of Windows 7, but allowed other Windows versions to remain vulnerable. “This is a common practice at Microsoft of discovering critical software vulnerabilities in the latest releases and never back porting them to older (still supported) versions [and] therefore leaving customers hung out to dry,” said the director of professional services at The DigiTrust Group. “Also it is interesting that the vulnerability affects SMB2 as that was new to Vista and we can therefore assume had been through most of their strict code auditing standards yet we see again things are going to be missed, even extremely critical ones,” he added. Most attempts to exploit the bug will result in a simple crash of the machine, according to an advisory Microsoft published on Tuesday.
What's more, the invulnerability of Windows 7 and Server 2008 R2 suggests Microsoft's security team is at least partially on top of the bug. Source: http://www.theregister.co.uk/2009/09..._security_bug/
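The only mitigation items 36 and 35 offer while the SRV2.SYS bug is unpatched is the ISC advice to filter TCP 445 at the firewall, and a block rule is only worth something once you have confirmed from the outside that it took effect. The script below is an added example, not code from the original post or from any of the sources it cites: it probes a list of hosts for a reachable TCP/445 listener and reports every host where the port is open and not on an explicit allow list. The host names, allow list and thread count are assumptions for illustration; the local-listener helper exists only so the checker can be exercised offline.

```python
"""Check whether TCP/445 (SMB) is reachable on a set of hosts.

Added example for the unpatched SMB2 flaw discussed above; it verifies
the ISC mitigation (filter TCP 445) from the network side. It does NOT
test for the vulnerability itself, only for exposure of the service.
"""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

SMB_PORT = 445  # the port the ISC advice says to filter


def probe_tcp(host, port=SMB_PORT, timeout=2.0):
    """Classify one TCP port as seen from this vantage point.

    'open'       handshake completed: a listener (file sharing) is reachable
    'closed'     RST came back: host answers but nothing listens on the port
    'filtered'   no answer (timeout / unreachable): something drops the SYN,
                 which is what a correctly applied block rule looks like
    'unresolved' the host name did not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.gaierror:
        return "unresolved"
    except OSError:          # socket.timeout, EHOSTUNREACH, ENETUNREACH, ...
        return "filtered"


def exposure_report(hosts, port=SMB_PORT, allowed=(), timeout=2.0, workers=32):
    """Probe all hosts in parallel.

    Returns ({host: state}, [hosts with the port open that are not allowed]).
    'allowed' is the assumed list of file servers that are meant to expose SMB
    to this network segment; everything else that answers is a finding.
    """
    allowed = set(allowed)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        states = dict(zip(hosts, pool.map(lambda h: probe_tcp(h, port, timeout), hosts)))
    findings = sorted(h for h, s in states.items() if s == "open" and h not in allowed)
    return states, findings


def local_listener(host="127.0.0.1"):
    """Open a throwaway listener on an ephemeral port (offline self-check only)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Assumed usage: python smb_exposure.py host1 host2 ...   (hosts are assumptions)
    targets = sys.argv[1:] or ["127.0.0.1"]
    states, findings = exposure_report(targets)
    for host, state in states.items():
        print(f"{host:<40} tcp/{SMB_PORT} {state}")
    if findings:
        print("Hosts exposing SMB and not on the allow list:", ", ".join(findings))
    sys.exit(1 if findings else 0)
```

Run it from the network position an attacker would have (another segment, not the host itself); an `open` result on a Vista or Server 2008 machine that has not been patched means the single-packet crash described in item 36 is reachable, and the remote-code-execution case Microsoft confirmed in item 35 is on the table as well. `filtered` is the expected result after the block rule is in place; `closed` means the host answered but has file sharing off. On the Windows host itself the standard Vista/2008 rule is `netsh advfirewall firewall add rule name="Block inbound SMB" dir=in action=block protocol=TCP localport=445`; scope it with `remoteip=` for the subnets that legitimately need file sharing rather than blocking blindly.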

Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to:

