McAfee Detects Malware aimed at Tibetan Supporters

Written by Saran on May 1, 2008

The movement to free Tibet from Chinese rule has spawned several web sites and organizations fighting for Tibetan independence from China's Communist rule. The government threatened to meet the movement with force, and it did, resulting in the much-publicized crackdown on the remote Chinese territory. McAfee's discovery of the Trojan, which it nicknamed FriBet, is unique in that it is the only known malware designed to attack one specific kind of computer: one belonging to a supporter of the pro-Tibetan movement. The malware has been found on two web sites that expressed support for the movement, and the Trojan then seeks out all databases linked to those sites. Visiting an infected site triggers a download of the payload onto the visitor's machine, which in turn spreads it to other sites that machine visits.
This raises suspicion, though experts stop short of suggesting it was developed to wreak havoc on sites the Chinese government has identified as supporters. The Chinese link has yet to be officially declared, but anyone can see that such attacks are common practice among hackers. What is surprising is how much it resembles a Patriot missile locking onto a target designated by mission control and reaching it in any weather. The aiming is so precise that conspiracy theorists conclude it may be an attack on these sites from the inside. Much remains to be learned from the Trojan as it is tracked and detected around the globe. The major anti-virus developers are able to remove and block it, but unprotected machines may prove too easy a target.

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware

Paypal Boosts security

Written by Saran on April 28, 2008

In an effort to boost security, PayPal, one of the premier online payment providers, is moving to block users of older browsers because of the weaknesses those browsers carry. It has found that many users online still run Microsoft IE 3.0 and 4.0, which reached the end of their support life long ago and therefore lack the security updates needed for safe and secure online payments and related business. PayPal has had a lot of bad publicity over phishing and infiltration, where criminals intercept traffic and go on fake bidding sprees just to get at the financial details people share over the network. To raise the bar, it will use script detection to begin blocking these users, and it apologizes for the inconvenience this may cause the millions who could be affected. The move comes as identity theft and other crimes have increasingly reached its ranks, ending in stolen information that leads to credit card fraud. Being the biggest, PayPal is the most attractive target for such hackers, and it is trying to shore up that front.
Hopefully this will prevent more cases from developing and let any new ones be 'nipped in the bud', so to speak.
PayPal and eBay have also offered select users distinct security keys, using VeriSign-generated passwords transmitted during payment transactions, which aim to prevent interception of transaction data as it crosses the internet. Unlike credit card transactions that travel over dedicated lines, which are now slowly being protected under PCI-DSS, a regular PC has little security hardware to protect it from hackers who could tap the network and harvest card details for illegal purchases.

Categories: Cryptography, General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

Sans Institute - Gotcha!

Written by Saran on April 22, 2008

The SANS Institute has identified the source of infections at some 20,000 web sites since January through research and extensive review of those sites and how they work. It has pinned down the point of entry: a sneaky tool that uses Google's search engine to hunt for specific kinds of vulnerable applications. It has also found that the process is automated, meaning these were not "live" attacks with a person on the other end driving them. The tool works by finding vulnerable software and then executing a simple SQL statement that injects a script tag into the discovered site. The exploit targets Microsoft Windows IIS, and once a site is infected it can infect everyone who visits it. The sad part is that, again, the malware has been traced to report back to China, which only reinforces the need for security on that side of the globe.
The SANS people were thrilled at the discovery, which they called a "gem" because such finds in the wild (the internet) are rare. Discovering such Trojans and other malware allows a prompt response and the release of updated signatures to anti-virus software and other intrusion prevention tools so the spread can be stopped. They may have been lucky this time, because most malware in the wild is not only complex in its coding but can morph into entirely different forms as it travels from computer to computer over the internet. The surest way to avoid such problems would be to stay off the internet, which is next to impossible given how much of our everyday lives now depend on it.
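The injection path described above, as an added example (not code from SANS or from this post): a page-content table in SQLite stands in for the SQL database behind an IIS site, one update routine splices user input straight into the SQL text, the other uses a parameterised query, and a sweep flags stored rows that carry a script tag. The table, the input string and the example.invalid URL are all constructed here.

```python
import re
import sqlite3


# Constructed sample content store (not SANS data); SQLite stands in for the
# SQL Server behind the IIS sites the post describes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("INSERT INTO pages (title, body) VALUES ('Home', 'Welcome')")
    conn.commit()
    return conn


def get_page(conn, page_id):
    return conn.execute("SELECT title, body FROM pages WHERE id = ?", (page_id,)).fetchone()


def vulnerable_update_title(conn, page_id, new_title):
    # The defect the automated tool relies on: untrusted input is pasted into
    # the SQL text, so a quote in the input ends the literal and the rest runs
    # as SQL. Kept deliberately broken to show the contrast.
    sql = f"UPDATE pages SET title = '{new_title}' WHERE id = {int(page_id)}"
    conn.execute(sql)
    conn.commit()


def safe_update_title(conn, page_id, new_title):
    # Parameterised query: the driver passes the input as a value, never as SQL.
    conn.execute("UPDATE pages SET title = ? WHERE id = ?", (new_title, page_id))
    conn.commit()


# Constructed input in the shape the post describes: one quote closes the title
# literal and the remainder appends a script tag to the stored page body.
INJECTED_INPUT = "Home', body = body || '<script src=\"http://example.invalid/m.js\"></script>"

SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)


def find_injected_pages(conn):
    """Detection sweep: ids of rows whose stored title or body carries a script tag."""
    rows = conn.execute("SELECT id, title, body FROM pages").fetchall()
    return [pid for pid, title, body in rows
            if SCRIPT_TAG.search(title or "") or SCRIPT_TAG.search(body or "")]


def demo():
    """Run the same input through both routines and return what each stored."""
    vuln = make_db()
    vulnerable_update_title(vuln, 1, INJECTED_INPUT)
    safe = make_db()
    safe_update_title(safe, 1, INJECTED_INPUT)
    return {
        "vulnerable": get_page(vuln, 1),
        "vulnerable_hits": find_injected_pages(vuln),
        "safe": get_page(safe, 1),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

With the vulnerable routine the body of page 1 gains the script tag while the title stays "Home"; with the parameterised routine the whole input lands in the title as an inert string and the body is untouched. The sweep flags stored tags however they got there, so the parameterised version still needs HTML escaping on output before that title is rendered.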

Categories: General, IT Security Basics, Malware, Network Security, News, Real-World Issues, Security Policies, Spyware

Anti-Virus Programs - Losing Teeth

Written by Saran on April 4, 2008

Recent studies show that having only a traditional anti-virus program installed on a computer is highly ineffective against today's code-morphing malware. The complexity of this malware and its uncanny ability to change signatures defeats most if not all intrusion prevention systems. Hackers have also capitalized on users' trust in content that appears to come from legitimate sources, as in the recent incident with a Google Mail application used to archive email from the company's servers, which incorporated information-gathering code. The problem was only found when a programmer happened to decompile the program and found an email address along with a log-in password for the author's mailbox. Using those details to get into the email account, he found user information, including the usernames and passwords of others who had used the program. He took the drastic step of deleting all the email he found that was not the author's and informed the company that released the program about the incident. The developer simply said an error-checking routine or some draft code had been left in the released version by mistake, and promised not to do so in upcoming versions of the archiving program.... Yeah, right.
People have been warned again and again about the risk of free software and other free downloads that seem to come from legitimate sources (but not the developer's own page), because they may carry an embedded payload that is unloaded once installed. Current Trojans also act swiftly to copy themselves onto every peripheral attached to the infected system (flash disks, digital cameras, digital media players, PDAs and other devices that can hide the code), so even a complete operating system reinstall only ends in reinfection once the same devices are reconnected. Other malware simply harvests the email addresses held by programs like Outlook and Messenger, sending copies of itself to everyone listed and infecting further computers as it travels around the world.
Things have reached the point where experts are talking about implementing a white list of sorts: all valid applications and sources for legal, safe systems that are allowed access to their systems. This would amount to an inventory program that keeps track, from online sources, of trusted sites and sources of files, rejecting anything not on the list. Manual inclusion would be the Achilles' heel of such an audit system, since any wrong addition would again leave it vulnerable to attack.
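A minimal version of the allowlist the post sketches, added here as an illustration rather than anything the experts proposed: executables are approved by SHA-256 digest rather than by file name, so a renamed or tampered file is rejected, and manual additions, the Achilles' heel the post names, must carry a named approver. The sample executables, names and inventory are constructed.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Constructed stand-ins for executables; a real inventory would be fed from the
# trusted online sources the post describes (hypothetical here).
TRUSTED_ARCHIVER = b"MZ archiver build 1.0 (constructed sample)"
TAMPERED_ARCHIVER = TRUSTED_ARCHIVER + b" with extra payload"


def build_allowlist(trusted):
    """name -> set of approved SHA-256 digests. A name alone never grants access."""
    allow = {}
    for name, data in trusted:
        allow.setdefault(name, set()).add(sha256_hex(data))
    return allow


ALLOWLIST = build_allowlist([("archiver.exe", TRUSTED_ARCHIVER)])


def is_allowed(name, data, allowlist=ALLOWLIST):
    """True only if this exact content is approved under this name."""
    return sha256_hex(data) in allowlist.get(name, set())


def add_manual_entry(allowlist, name, data, approved_by):
    """Manual inclusion is where such a system is weakest, so require a named
    approver and record the content hash, never just the file name."""
    if not approved_by:
        raise ValueError("manual allowlist additions need a named approver")
    digest = sha256_hex(data)
    allowlist.setdefault(name, set()).add(digest)
    return digest


def audit(inventory, allowlist=ALLOWLIST):
    """Split a list of (name, bytes) found on a system into allowed and rejected names."""
    allowed, rejected = [], []
    for name, data in inventory:
        (allowed if is_allowed(name, data, allowlist) else rejected).append(name)
    return allowed, rejected


if __name__ == "__main__":
    found = [("archiver.exe", TRUSTED_ARCHIVER),
             ("archiver.exe", TAMPERED_ARCHIVER),
             ("unknown.exe", b"constructed unknown binary")]
    print(audit(found))
```

The tampered copy keeps the approved name but not the approved digest, which is exactly the case a name-based list would wave through.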

Categories: General, Malware, Network Security, News, Real-World Issues, Spyware

Economics - the driving force of Mobile Spying Malware

Written by Saran on April 1, 2008

Experts have said it again and again, and history has shown us, that money is the root of all evil, and the same goes for the development and eventual spread of more sophisticated malware aimed at the ever-growing mobile computing environment. Current mobile malware is simple, yet experts warn users and fellow experts alike that it is only a matter of time before some hacker develops a more robust and discreet form that circumvents standard virus scanners. As we have seen and read in the news, these viruses, Trojans and other forms of malware are evolving so fast that detection and removal experts find it very hard to stay one step ahead of them. In the time it takes to read this post, some 35 new types of malware will have been released into the wild to infect any of the millions of unprotected systems on the internet. The problem has reached a pandemic stage where no system is safe for long. As soon as a new, more robust intrusion prevention and security system is in place, several new vulnerabilities in the computer systems we use are found and immediately exploited by hackers and their minions.
Economics, or the promise of earning a buck from creating and spreading such malware, is the major motivation for hackers. Say you get into the cell phone of your favorite celebrity and get hold of private pictures, or obtain a confidential report listing funds along with the corresponding account information, and much more that can be sold quite profitably over the internet.

Categories: Cryptography, General, IM, IT Security Basics, Instant Messaging, Malware, Network Security, News, Operating Systems, Real-World Issues, Security Policies, Spyware

MTV Networks Employee Information Exposed to WEB

Written by Saran on March 16, 2008

Viacom, the company that owns MTV, has confirmed that there was indeed a leak of information from its systems, exposing personal data such as Social Security numbers, birth dates and other employment-related records. It confirmed that the information was taken from an employee workstation that may have been infected by malware which sent the data outside without management's knowledge. These problems are becoming more common as people go on the web, and in this case the workstation in question was said to have visited a social networking site, which may have been the path the malware took. The information was held in password-protected files, and the company says it has launched an internal investigation into why the employee was able to reach that site from an office workstation.
Information leakage like this is now so common that it happens without anybody noticing. Even with security and intrusion prevention systems installed, programs that piggy-back on legitimate software have found ways to circumvent them by presenting themselves to protection systems as legitimate programs. Social networks have been targeted, as the problems with Google's Orkut, MySpace and many other social networking sites show; they have fallen to hackers who use them as launch and propagation platforms to unload payloads of Trojans, key-loggers and many other forms of malicious code.
The web's transformation into a social network may be the best thing that has happened to many, but it remains a thorn in the side of IT security people everywhere. Many have fallen victim to incidents that ended in credit card fraud and full-blown identity theft, real-world issues everybody has to take notice of. The threat is real and we must all do our best: install proper intrusion prevention systems and establish a systems usage security protocol that minimizes exposure to threats which are sure to invade more of our daily lives as we go on living a second life on the internet of today, the social net.

Categories: General, IT Security Basics, Malware, Network Security, News, Privacy & Anonymity, Real-World Issues, Security Policies, Spyware

GMail Password Malware Found By User

Written by Saran on March 13, 2008

As if we haven't had enough warning about free stuff on the web, here is a classic case of malware found by an unsuspecting programmer who just happened to decompile a popular utility for Google Mail that archives all your email. As the story goes, a programmer was hunting for a way to back up his GMail and posted a request on CodingHorror.com asking fellow programmers for such a utility. He was referred to a commercial program called G-Archiver, distributed by an American firm, Mate Media. As freeware usually does (which is to say, not as much as its advertising claims), it disappointed him to the point that he decided to reverse engineer the utility (in the fashion of true hacking), only to find the email address and password of the program's creator inside the code, which raised red flags as to why those suspicious details were there. As it turns out, the program was sending private data about the users who had downloaded it and used it to archive their GMail accounts.
The program contained the programmer's email address and password so the utility could send information to him, without users knowing, from whatever platform and location it was used.
Most of the sites that offered the program for download have removed it from their software listings, and the authors at ZDNet Asia, where this was first reported, have been unable to get an explanation from the firm that distributes the utility. This is a classic case of complacency: people rely on big names for their needs, sometimes sacrificing common sense in the process, sad as that may be, and the developers' reluctance to reply to the allegations does not help. The programmer took the email address and password and used them to log on to GMail, where he found 1,777 emails from the people who had used the software, including their passwords and other vital information. So be wary of free and seemingly harmless stuff; it is what can do the most harm.
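A pre-release check of the kind that would have caught the G-Archiver problem described above and in the anti-virus post, added here as an example and not code from ZDNet Asia, the programmer or Mate Media: it pulls printable strings out of a binary blob the way a strings tool does, then flags anything that looks like an email address or a password assignment so a build with embedded credentials never ships. The binary blob and every value in it are constructed; no real credentials appear.

```python
import re

# Constructed binary blob standing in for a shipped installer. The header bytes,
# host name, address and password are all made up for this example.
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 8
    + b"smtp.example.invalid\x00"
    + b"archiver.author@example.invalid\x00"
    + b"password=hunter2-constructed\x00"
    + b"\xde\xad\xbe\xef" + b"Send report\x00"
)

EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Key/value pairs that commonly carry a secret; tune the key list per code base.
SECRET = re.compile(r"(?i)\b(?:pass(?:word|wd)?|pwd|secret|token|api[_-]?key)\s*[=:]\s*\S+")


def extract_strings(blob: bytes, min_len: int = 6):
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def find_embedded_credentials(blob: bytes):
    """Email addresses and secret-looking assignments found in the blob's strings."""
    emails, secrets = [], []
    for s in extract_strings(blob):
        emails.extend(EMAIL.findall(s))
        secrets.extend(m.group(0) for m in SECRET.finditer(s))
    return {"emails": emails, "secrets": secrets}


def release_gate(blob: bytes) -> bool:
    """True when the artifact is clean; False blocks the release."""
    found = find_embedded_credentials(blob)
    return not found["emails"] and not found["secrets"]


if __name__ == "__main__":
    print(find_embedded_credentials(SAMPLE_BINARY))
    print("release ok:", release_gate(SAMPLE_BINARY))
```

An email address alone is not always a defect (a support contact, say), so the gate reports both lists and a reviewer decides; a password assignment sitting next to a mailbox address, as in the constructed sample, is the pattern the programmer in the story stumbled on.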

Categories: General, IT Security Basics, Malware, News, Real-World Issues, Security Policies, Spyware

Trojan Hits Windows Mobile

Written by Saran on March 4, 2008

McAfee, one of the industry's leading developers of anti-virus software, has through its Avert Labs discovered a new Trojan that infects Windows CE, the system Microsoft developed for PocketPCs. The Trojan disables data and network security, rendering it useless, and can be installed via memory card. It has the nasty ability to resist removal by software, the only cure being a complete re-format and re-installation of the OS and applications from a secure and safe source. Infected users are also told not to use flash drives or memory sticks holding saved data, because they can carry the code that spreads the Trojan. The Trojan was discovered in China and sets itself as the home page on the heavily web-reliant PocketPCs. Information about the device, its serial number and other personal details are then sent to the Trojan's author, leaving the device open to future attacks and malware installation because the Trojan has turned its security off.

The Trojan has been found tucked snugly inside legitimate installers, and with Asia one of the fastest-growing regions for mobile devices, it would take little time for the Trojan, aptly named InfoJack, to spread and wreak havoc on Asia's growing mobile PC community. US-CERT, the Computer Emergency Readiness Team, has already taken notice and is closely monitoring developments. It and the anti-virus developers are working on methods to defeat the perpetrator and, hopefully, catch the crook who designed the malware.

Categories: Backups, Cryptography, General, IT Security Basics, Malware, Network Security, News, Operating Systems, Real-World Issues, Spyware

OS Updates, Patches and Service Packs – What they’re not telling you (Part 2)

Written by Saran on February 19, 2008

Some of these updates and patches are well publicized and known to the media and IT circles, while others are not. The real truth is that not all users want to know the details of the many updates and patches being installed, as long as they get to use the internet and their other software without issues. That is a dangerous tightrope to walk, as the Facebook incidents and MySpace problems show, and yes, even Google (with its customer purchase tracking system, which it took out of service once people noticed and were pissed that their shopping habits were being monitored).

Even the most popular web search engines have come under fire when people noticed their tracking systems and how that information is used to target them with advertising campaigns. The web is a true and proven signal of unparalleled freedom, letting you get information with the press of a few buttons. But the battle begins at your desktop or laptop, where the OS resides, making it the root of all possible problems. Yes, attacks do come from the net, but they are aimed at your home or office desktops, using them as propagation tools to spread all over the globe. Privacy and the right to know are quite battered on these fronts, with new problems discovered at every turn. People love intrigue, and they will keep scrutinizing and criticizing the work of others, friends or foes. On go the OS wars, and we stand on the sidelines waiting to suffer the fallout of the race to be first to release the most innovative and feature-laden software (with bugs and system crashes bundled and included in the box, at least until the respective fixes and patches are released to remedy them).

Categories: General, IM, IT Security Basics, Instant Messaging, Malware, News, Operating Systems, Privacy & Anonymity, Programming, Real-World Issues, Security Policies, Spyware

OS Updates, Patches and Service Packs – What they’re not telling you (Part 1)

Written by Saran on February 16, 2008

Everybody on earth who uses the internet starts with a device (PC, laptop or mobile phone) running some form of operating system that gives the machine the ability to function as it does. Whether from Microsoft (Windows XP or Vista), Apple (OS X Leopard and earlier versions) or a Linux-based system, all of them get their fair share of patches and bug fixes, which are essentially damage-control measures that hopefully correct programming errors before they cause too much harm to the user and the computer they are installed on.

These patches and updates are free for most licensed users, but for those who still run bootlegged software they are a bit harder to get hold of, because OS manufacturers now install (sometimes without you even knowing it) validation tools that check over the internet whether your copy of the OS is licensed and legitimate. These underground updates are not always so discreet: some are spotted by users, programmers and other people who rely heavily on their computers for their everyday existence, and some get blown out of proportion, landing in the headlines as unwanted and unauthorized processes that you then see on CNN and the BBC.

Software development firms are businesses, and they do their best to keep ahead of the pack (their competitors) in the complexity and capabilities of their products. That competitiveness goes as far as releasing a product before all testing and real-world simulation is complete, relying on patches and updates to fix problems well after the product has been released into the wild (for public use). Some of the problems are so critical that the developers are too ashamed to admit they overlooked them, so they opt to update the files without the user's knowledge. Have you ever seen your OS pulling updates from the web while you are on a coffee break, sometimes so discreetly you fail to notice, then returned to a computer telling you the system has been updated and a restart is needed for the changes to take effect?

Categories: General, IM, IT Security Basics, Malware, News, Operating Systems, Privacy & Anonymity, Real-World Issues, Spyware