The movement to free Tibet from Chinese rule has had several web sites and organizations springing up to fight for Tibetan independence from the Chinese’s Communist Rule. The movement was threatened by the government to be met with force and it indeed was resulting in the much publicized crackdown on the remote Chinese territory. Their discovery of the Trojan, nicknamed FriBet by McAfee is quite unique in the sense that it is the only form of malware that has been specifically designed to attack a specific type of computer, one that supports the Pro-Tibetan movement. The said malware has been identified to have infected two web sites that have expressed support for the movement and the Trojan then seeks all databases that are linked to the said site. Visiting the said infected sites will trigger a seek operation that downloads the payload onto the machine which in turn spreads it to other sites that it visits.
This raises suspicion though the experts are not raising the idea that it may have been developed to wreak havoc on sites the Chinese government have identified as supporters. The Chinese link has yet to be officially declared but anyone knows these types of attacks are a common practice of hackers. The surprising fact is that it is similar to a patriot which locks in on a target which has been designated by mission control effectively getting its target in any weather. The aiming is quite precise which leads conspiracy theories to the conclusion that it may be an attack on these sites from the inside. Much is to be learned from the Trojan as it is tracked and detected throughout the globe. Major developers of anti-viruses have been able to remove and block it but unprotected machines may prove to be too easy a target for the Trojan.
Tags: Avert Labs, Malware Targets, McAfee, Tibet
Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware
In efforts to boost security, Paypal, one of the premier internet online payment providers is moving to block users who use older browsers to prevent weaknesses that these browsers possess. They have found that many users online still use old Microsoft IE 3.0 and 4.0 which have ended their support life a long time ago hence they do not have the needed updated security updates that are necessary to conduct safe and secure online transactions with regards to payments and other related business. Paypal has had a lot of bad publicity with regards to phishing and infiltration where people intercept and go on fake bidding sprees just to get at the vital financial information that people usually share over the network. In hopes of boosting security, they will be using script detection to begin blocking users and that they do apologize for all the inconvenience this may cause the millions of users who may be affected by their move. This comes as the amount of identity theft and other crimes have increasingly entered their ranks ending in much stolen information that leads to credit card fraud. Being the biggest, they are the most viable target for such hackers and they are trying to boost security on that front of the deal.
This would hopefully prevent more cases from developing and that any new ones will be ‘nipped in the bud’ so to speak.
Paypal and eBay have offered select users with a distinct security keys using VeriSign passwords that is to be transmitted during payment transactions which aims to prevent interception of the transaction information as it travels through the internet. Unlike specific credit card transactions that travel through dedicated lines which are now slowly being protected by PCI-DSS for improved security, regular PC do not have that much security hardware installed to protect them from interception by hackers who could tap into the network getting all credit card information for illegal purchases.
Tags: encryption, Paswords, PayPal, PCI-DSS, VeriSign
Categories: Cryptography, General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware
The Sans Institute has identified and determined the source of infections to some 20,000 web sites since January through research and extensive review of web sites and how they work. They have identified the point of entry for these attacks which capitalizes on a sneaky tool that uses Google’s search engine as it searches for specific types of vulnerable applications. They have also found that the process is automated, meaning they were not “live” attacks which has a user on the other end initiating it. The search tool works by finding vulnerable software and then executes a simple SQL statement that injects a script tag onto the discovered site. The exploit was designed to target Microsoft Window’s ISS which once infected, has the ability to infect all who visit the site. The sad side is that again, the malware is found and has been traced to report back to China which enforces more need for security on their side of the globe.
Their people were so thrilled at the discovery which they called a “GEM” due to the scarcity of such discoveries in the wild (internet). Discovery of such Trojans and other malware allows prompt response and sending out of updated signatures to anti-virus software and other intrusion prevention tools that prevents the spread to continue. They may have been lucky this time for the majority of malware out in the wild are not only very complex in terms of coding but have the ability to morph into totally different forms as they travel from computer to computer through the internet. The best way to avoid such problems would be to stay off the internet, which is next to impossible due to the current prevalence of the said technology in our everyday lives.
Tags: Google search tool, Malware, Web Site piggy-back
Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware
In efforts to boost their commitment to promoting better IT security, China has passed sentence on four hackers that were due to receive sentences ranging from two to eight years in prison. The four un-named cyber-criminals were given sentences of two and a half years which if one spends in a Chinese jail would be too long enough. They were however convicted not of cyber-crimes yet for “non-declaration of Income” which seems to overshadow their claims of boosting IT security measures. The convicted cyber-criminals were caught to have gained around a few thousand dollars of undeclared income which they got from information gathered through malware. China has repeatedly challenged allegations that they are the hacking capital of the world stating that they are victims instead of criminals in the IT Security scene. Their crackdown on Tibetan activists and supporters has again raised questions on the globalization policy of China as a country that is open for change in order to face the challenge of globalization.
The move is one of the many much publicized efforts by Chinese Authorities who say are doing all they can to stop the illegal activities that are happening within their borders. Their passing of the anti-hacking measures is seen as the harshest in the world and as said, the conditions in Chinese jails if taken into consideration would be too long for any length of time. They have tried hard to control the internet, by banning sites blocking access to external sites before they get to millions of Chinese users. People are suspicious of their motives for they emphasize more on the internal issues they have rather than those in conjunction with global matters such as the need for more intrusion prevention methods to prevent hackers from doing damage to all of us.
Tags: Chinese, Hacker Crackdown
Categories: General, IT Security Basics, Malware, Real-World Issues, Security Policies
Experts have said it again and again and history has shown us that money is the root of all evil and so it goes the same for the development and eventual spread of more sophisticated malware intended for the ever growing mobile computing environment. Current malware is simple yet experts are warning users and other experts alike that it would only be time before some hacker develops a more robust and discreet form of malware that would circumvent standard virus scanners. As we have seen and read in news articles, these viruses, Trojans and other forms of malware are evolving so fast that removal and detection experts are finding it very hard to get one step ahead of them. In the time it takes to read this post, about 35 or so new types of malware would have been released into the wild to infect any of the millions of unprotected systems over the internet. The problem has gone into the pandemic stage that no system is safe for long. The soonest a new and more robust intrusion prevention and security system is in place, several new vulnerabilities in the computer systems we use are found and immediately exploited by hackers and their minion.
Economics or the promise of earning a buck from such malware creation and spreading is the major motivation for hackers. Say you get into the cell phone of your favorite Celebrity and get hold of private pictures, or get hold of a confidential report which lists the amount of funds along with the corresponding account information and much more information that one can sell quite profitably over the internet.
Tags: Malware, Mobile Malware Threat, viruses
Categories: Cryptography, General, IM, IT Security Basics, Instant Messaging, Malware, Network Security, News, Operating Systems, Real-World Issues, Security Policies, Spyware
Banks and other financial institutions are the most attacked institutions in the world which accounts for millions in losses according to RSA, one of the IT Industry’s leading security firms. The rise has been foreseen and predicted for many years yet banks are simply not taking it too seriously. Phishing involves the leeching of client information from bank networks for use in scams and fraud. This type of attack sits next to identity fraud and credit card fraud as the most expensive financial loss generators for the banking industry. The phishing attacks target mostly US based firms with the UK ranking second. Many countries are following as targets for phishing by hackers who aim to use the information they obtain for personal gains.
The banking industry is considered to be one of the most secure and IT dependent industries in the world but the diversity and sheer number of attacks is taking its toll on their systems prompting them to take notice. Credit Card fraud alone accounts for billions in losses worldwide that is suffered by financial institutions adding to that the newer types of attacks making it an IT Security Managers worst nightmare. In Europe, Germany is hailed to be the financial hub in the region yet it has managed to repel attacks which isn’t the same with it’s other neighboring countries. More strict legislation might be needed to deter criminals who now opt to use computers rather than a gun which is safer and involves less effort.
The Credit card Fraud problem is being addressed by the implementation of PCI DSS which is to secure and prevent hackers from getting card customer information while it is in transit over the network. The attacks now focus on more public domain which is the internet through social networks which is where most phishing attacks usually occur.
Tags: Bnaking IT Security, Credit-Card-Fraud, Fraud, identity-theft, Scams
Categories: IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies
The advent of cheap wireless technology such as routers for as little as 50 Pounds has made the wireless revolution a true headache to IT managers from all over. Suddenly, the once secure office database and programs is open to all types of vulnerabilities from viruses to hackers getting stuff off the company’s servers selling or using it for profit. Securing the wireless network is proving to be harder than wired ones for the de-centralization of data once contained within corporate firewalls became mobile through WiFi enabled laptops and other digital devices.
Securing the entire WiFi network is out of the question due to the dynamic structure of such networks. Even the internet has been so hard to police that companies nowadays rely on end-point intrusion prevention methods using software and hardware that are pre-loaded with security systems. This would be the best option for the internet is a very dangerous place which no amount of security software can secure. Even with super-computers the task would be difficult due to the millions of computers that are interconnected forming the internet.
For corporate security it is also vital to have proper education for employees regarding the risks of unauthorized WiFi connections from within the company. Security engineers should also be aware of the risks and goals of the measures they are implementing so as to avoid holes in the security net they are putting in place. If possible invest in education seminars regarding real life scenarios which can raise awareness. Also allow employees to voluntarily declare personal devices which they bring into the office. This avoids the unauthorized occasional iPhone from popping up in your network scans. Regularly check for malware which may have gone through the security net which is already in place and keep all security software up to date.
Tags: End-Point Intrusion Prevention, WiFi Risks, WiFi Security
Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies
Viacom, the company that owns MTV has confirmed the fact that there was indeed a leakage of information from their system that has resulted in personal information such as Social Security numbers, Birth dates and other employment related data. They confirmed the fact that the said information was taken from an employee workstation which may have been infected by malware that sent the said information to the outside without the management knowing about it. These types of problems are now becoming more common as people go on the web and as this case shows, the workstation in question was said to have entered a social networking site through which may have been the path the malware took. The said information was contained in password protected files and the company has said that it has launched an internal investigation as to why the employee in question may have been able to access the said site from the office workstation.
Information leakage such as this case is now so common that they happen even without anybody knowing about it. Even with installed security and intrusion prevention systems, programs that piggy-back onto legal programs have found and exploited ways to circumvent them exposing themselves to protection systems as legitimate programs. Social networks have been targeted as with the problems with Goggle’s Orkut, Myspace and the many other social networking sites which have fallen to hackers who use them as launch/propagation platforms to unload their payloads of Trojans, key-loggers and many other forms malicious code.
The Web transforming into the social network may be the best thing that has happened to many but it remains to be a thorn in IT Security People from all over. Many have fallen victim to such instances that have resulted in credit card fraud and full-blown identity theft cases which are a real-world issue everybody has take notice of. The threat is real and we must all make it a point to do our best. Install the proper intrusion prevention systems and establish systems usage security protocol which will minimize exposure to such threats which are sure to invade more of our daily lives as we go on living a second life in the internet of today, the Social net.
Tags: MTV, Social Networking, Spyware
Categories: General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware
As if we haven’t gotten enough warning about free stuff of the web, here’s a classic case of such malware found by an unsuspecting programmer who just happened to casually do a de-compilation of a popular utility used on Google Mail that allows archiving of all your email. As the story goes, A programmer was on the hunt for a way to back-up his email from GMail which he submitted a request to CodingHorror.com for such a utility from fellow programmers. He was referred to a commercial program called G-Archiver which was distributed by an American firm Mate Media. As all freeware usually do (which is not as much as their advertising says) it disappoints him quite to the extent that he decides to reverse engineer(in the fashion of true hacking) the said utility only to find the email address and passowrd of the program’s creator within the code that raised red flags as to the reason behind the said suspicious details. As it turns out, the said program was sending private data with respect to the users who have downloaded and used the said utility to archive their Gmail accounts.
The program contained the said information (email address and password) of the programmer so the said utility can send information to him without the users knowing about it from any platform and location it may have been used.
Most of the sites which offered the program for download have removed them from their software offerings and the authors at ZDnet Asia where this was first reported have not been able to get a reply from the firm which distributes the said utility as to an explanation to the said event. This is a classic case of complacency wherein people rely on big names for their needs sometimes even sacrificing common sense in the process as sad as it may seem. The reluctance of the developers to reply to the said allegations. The programmer took the email address and the pasword using it to log-on to Gmail where he finds 1,777 email from all the people who have used the software including their passowrds and other vital information. So, be wary of free and sometimes harmless stuff, they are the ones who can do most harm.
Tags: G-Archiver Utility, Gmail, Spyware
Categories: General, IT Security Basics, Malware, News, Real-World Issues, Security Policies, Spyware
The European Commission is planning to implement biometrics screening and automated security checks for all visitors who wish to enter all the current member countries. This is a move to bolster internal security which has been quite troublesome in the past years with problems like terrorism and identity theft on the rise. The plan calls for mandatory scanning of a person for biometrics information which is compared to a database of known criminals and fugitives from around the world. This would bolster or even curb the growth of illegal immigrants who have overstaying status in that corner of the world. Though much of the plan is under wraps, it would surely include pioneering technology such as the facial recognition system used in the football match series that allows a person’s face to be scanned and compared to an online database of known hooligans which allows denial of entry to stadiums and even the host country to prevent violence. Hooliganism has risen in the past years with several violent clashes between police and rioters who have turned unruly during the games.
Several games had to be moved or postponed indefinitely due to fears of rising violence on and off the courts between rowdy fans and security forces.
The introduction of a scanning camera that has the ability to reveal what’s under your clothes but not enough to reveal the skin (which is to address privacy invasion issues of the past) is sure to play a vital part in the said security plan. The information of travelers would be scanned and entered into the biometric database upon visa application which is then again checked during entry into the country of destination. The system is initially for testing with suspicious travelers who may have something to hide, such as fake passports and other identity theft cases which if successful would be implemented full-scale to address the need for increased security.
All the above measures are to address the increasing cases of identity theft, cross-country crimes, illegal immigration and other related matters. Most of the countries who are voting for the said security measures are the ones who share borders with the exception of some like the UK which is separated from mainland Europe and some other countries that form the EU who are under deliberation if they would avail or support such a measure.
Tags: Biometrics, EU Security, Facial Recognition
Categories: General, News, Physical Security, Real-World Issues, Security Policies
The movement to free Tibet from Chinese rule has had several web sites and organizations springing up to fight for Tibetan independence from the Chinese’s Communist Rule. The movement was threatened by the government to be met with force and it indeed was resulting in the much publicized crackdown on the remote Chinese territory. Their discovery of the Trojan, nicknamed FriBet by McAfee is quite unique in the sense that it is the only form of malware that has been specifically designed to attack a specific type of computer, one that supports the Pro-Tibetan movement. The said malware has been identified to have infected two web sites that have expressed support for the movement and the Trojan then seeks all databases that are linked to the said site. Visiting the said infected sites will trigger a seek operation that downloads the payload onto the machine which in turn spreads it to other sites that it visits.
