A typo can get you infected
According to McAfee's third annual “Mapping the Mal Web” report, more than a third of the domains under Cameroon's country-code TLD (.cm) are infested with viruses, other malicious software (malware) or scams. Since .com is very easily mistyped as .cm, this presents an opportunity to attackers and a headache for Internet users: a single dropped letter is enough to land on a hostile site, and the user never notices that the address was wrong. Second place on the most-infested list goes to China (.cn), while Hong Kong (last year's ‘winner’) is now far from the top.
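The defensive counterpart of the .cm problem is to know which typos of your own domain exist before an attacker registers them. The script below enumerates the single-error variants of a domain (a dropped TLD letter such as .com to .cm, an omitted, doubled, transposed or fat-fingered character, a glued-on "www") so they can be registered defensively or matched against DNS logs. It is an added example for this post, not code from McAfee or from the report; the error classes and the QWERTY layout are assumptions, and it handles names with a single label before the TLD (example.com), not names under a public suffix such as .co.uk.

```python
"""Enumerate single-error typo variants of a domain for defensive registration
or DNS-log matching. Added example, not from the post or from McAfee."""
import re

# US QWERTY rows, used for adjacent-key ("fat finger") substitutions (assumption).
_ROWS = ("1234567890-", "qwertyuiop", "asdfghjkl", "zxcvbnm")
# RFC 1035-style label: alphanumerics, hyphens only in the middle.
_LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]*[a-z0-9])?$")


def _adjacent_keys(ch):
    """Keys immediately left and right of ``ch`` on the same QWERTY row."""
    for row in _ROWS:
        i = row.find(ch)
        if i >= 0:
            return {row[j] for j in (i - 1, i + 1) if 0 <= j < len(row)}
    return set()


def typo_variants(domain):
    """Map each plausible typo of ``domain`` to the error class producing it.

    One error per variant: that is what a user actually types, and it is the
    case the .cm figures in the post describe.
    """
    domain = domain.lower()
    label, _, tld = domain.rpartition(".")
    candidates = []

    # .com -> .om / .cm / .co: one dropped letter in the TLD.
    for i in range(len(tld)):
        candidates.append((f"{label}.{tld[:i]}{tld[i + 1:]}", "tld-omission"))
    # One dropped character in the label (exmple.com).
    for i in range(len(label)):
        candidates.append((f"{label[:i]}{label[i + 1:]}.{tld}", "omission"))
    # Two adjacent characters swapped (exmaple.com).
    for i in range(len(label) - 1):
        swapped = label[:i] + label[i + 1] + label[i] + label[i + 2:]
        candidates.append((f"{swapped}.{tld}", "transposition"))
    # One character typed twice (eexample.com).
    for i in range(len(label)):
        candidates.append((f"{label[:i + 1]}{label[i:]}.{tld}", "doubling"))
    # One character replaced by a neighbouring key (rxample.com).
    for i, ch in enumerate(label):
        for alt in _adjacent_keys(ch):
            candidates.append((f"{label[:i]}{alt}{label[i + 1:]}.{tld}", "adjacent-key"))
    # "www" glued onto or hyphenated to the name (wwwexample.com).
    candidates.append((f"www{label}.{tld}", "www-prefix"))
    candidates.append((f"www-{label}.{tld}", "www-prefix"))

    variants = {}
    for name, kind in candidates:
        lbl, _, t = name.rpartition(".")
        if name == domain or not t or not _LABEL_RE.match(lbl) or not _LABEL_RE.match(t):
            continue  # drop the original name and anything that is not a valid hostname
        variants.setdefault(name, kind)  # first error class that produces a name wins
    return variants


def lookalikes_in(hostnames, brand_domain):
    """Return the hostnames (e.g. from a DNS or proxy log) that are typos of brand_domain."""
    table = typo_variants(brand_domain)
    return {h.lower(): table[h.lower()] for h in hostnames if h.lower() in table}


if __name__ == "__main__":
    for name, kind in sorted(typo_variants("example.com").items()):
        print(f"{name:20} {kind}")
```

Running it for a real brand gives a list of a few hundred names; the ones worth registering first are the tld-omission and adjacent-key classes, since those are produced by honest typing rather than by confusion about the name.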
December 10th, 2009 by kondax
Evil Maid attacks encrypted drives
December 8th, 2009 by kondax
Over the past few weeks a number of Evil Maid attacks have been launched against very popular disk-encryption implementations. These attacks pose a very serious threat to protected data because, once launched against an implementation that does not verify the integrity of its own boot loader, they are all but certain to succeed.
New hole in Adobe Reader
December 8th, 2009 by zarras
Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.
Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company’s previously scheduled patch release for the PDF reader. According to Security Focus, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.
“Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application,” the security site warned. “Failed attempts will likely result in denial-of-service conditions.”
The bug is presently being exploited in “limited targeted attacks,” Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Acrobat running on Windows.
Those using Windows Vista with data execution prevention (DEP) enabled are reported to be safe from the current exploit. Users on other platforms can insulate themselves from the current attack by disabling JavaScript inside the application, but Adobe warned that an exploit could be designed to work around that measure, so this is a stopgap until the patch ships rather than a fix.
(To do so, choose Preferences from Reader’s Edit menu, highlight javascript and then uncheck the box that says “Enable Acrobat JavaScript.”)
The company said it’s working with anti-virus providers so their software can detect the PDF files that target the bug.
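Until the anti-virus signatures the post mentions arrive, a mail gateway or an analyst can at least triage incoming PDFs for the active content that drive-by exploits of this kind depend on: /JavaScript, /JS, /OpenAction, /AA and /Launch. A plain grep is not enough, because PDF names may be hex-escaped (/J#61vaScript) and the dictionary holding the script is usually inside a FlateDecode stream, so the scanner below decodes names and inflates streams before looking. This is an added example for this post, not code from Adobe or Security Focus; the sample PDFs are constructed here and are not the booby-trapped file from the attacks.

```python
"""Triage a PDF for script and launch actions, decoding #xx name escapes and
inflating FlateDecode streams. Added example; samples are constructed."""
import re
import zlib

RISKY = {"JavaScript", "JS", "OpenAction", "AA", "Launch", "EmbeddedFile"}
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def decode_name(raw):
    """PDF names may hex-escape any byte: b'J#61vaScript' is 'JavaScript'."""
    out = bytearray()
    i = 0
    while i < len(raw):
        if raw[i:i + 1] == b"#" and i + 2 < len(raw):
            try:
                out.append(int(raw[i + 1:i + 3], 16))
                i += 3
                continue
            except ValueError:
                pass  # a literal '#' not followed by two hex digits
        out.append(raw[i])
        i += 1
    return out.decode("latin-1")


def _collect_risky_names(blob, where, found):
    for m in NAME_RE.finditer(blob):
        name = decode_name(m.group(1))
        if name in RISKY:
            found.setdefault(name, set()).add(where)


def scan_pdf(data):
    """Return {risky name: {"raw" and/or "stream"}} for everything found in ``data``."""
    found = {}
    _collect_risky_names(data, "raw", found)
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates trailing bytes; a non-zlib stream raises zlib.error
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue
        _collect_risky_names(inflated, "stream", found)
    return found


def is_suspicious(data):
    """Script or launch actions are what the exploit needs; treat them as a red flag."""
    return bool(scan_pdf(data).keys() & {"JavaScript", "JS", "Launch"})


def _pdf(catalog_extra, extra_objects=b""):
    """Minimal PDF skeleton (no valid xref; enough for this scanner). Constructed sample."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R " + catalog_extra + b" >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
            + extra_objects +
            b"trailer << /Root 1 0 R >>\n%%EOF\n")


SAMPLE_BENIGN = _pdf(b"")
SAMPLE_PLAIN_JS = _pdf(b"/OpenAction << /S /JavaScript /JS (app.alert(1)) >>")
SAMPLE_HEX_NAMES = _pdf(b"/OpenAction << /S /J#61vaScript /J#53 (app.alert(1)) >>")
_hidden = zlib.compress(b"<< /S /JavaScript /JS (app.alert(1)) >>")
SAMPLE_FLATE = _pdf(
    b"/OpenAction 3 0 R",
    b"3 0 obj << /Length %d /Filter /FlateDecode >>\nstream\n" % len(_hidden)
    + _hidden + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    for label, sample in [("benign", SAMPLE_BENIGN), ("plain", SAMPLE_PLAIN_JS),
                          ("hex-escaped", SAMPLE_HEX_NAMES), ("flate", SAMPLE_FLATE)]:
        print(f"{label:12} suspicious={is_suspicious(sample)} {scan_pdf(sample)}")
```

This is a triage filter, not a detector for the specific bug: a document with JavaScript is not necessarily malicious and an exploit can also hide inside object streams or other filters (LZW, ASCIIHex) that this scanner does not open. It is useful precisely because the attack described above needs a script action to run at all.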
H1N1 malware epidemic
December 7th, 2009 by tsikudis
Earlier this week the Centers for Disease Control and Prevention (CDC) issued a warning about a large malware campaign that spoofs the agency's own mailings and exploits public awareness of H1N1 and the interest in vaccinations.
The E-mail security company AppRiver detected a large amount of fake CDC e-mails which were sent at a rate of nearly 18,000 messages per minute, reaching more than 1 million in the first hour alone, according to the company’s blog post.
The e-mails ask users to register for a new state vaccination programme by creating a personal H1N1 vaccination profile on a fraudulent web page made to look like the CDC's. Anyone who clicks the link instead has their computer infected with malware, an executable copy of the ZBot trojan horse. This trojan, also known as Zeus, powers one of the most active botnets and steals data from the compromised machines.
According to a report by the security company Sunbelt Software, ZBot is the second most prevalent malware threat.
Malware propagation of this kind succeeds not through technical sophistication but through social engineering that exploits public awareness and fear.
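The technical tell in a campaign like this is in the links, not in the malware: the visible text names one host, the href points at another, the real host borrows the brand name in a subdomain, and the "profile page" is an executable. The checker below runs those three tests over the anchors of an HTML message body. It is an added example for this post, not code from the CDC, AppRiver or Sunbelt; the message is constructed here and the hostnames in it are made up.

```python
"""Flag phishing links in an HTML e-mail body: display/href host mismatch,
brand look-alike hosts, executable downloads. Added example; message is constructed."""
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXECUTABLE_SUFFIXES = (".exe", ".scr", ".com", ".pif", ".bat", ".zip")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(text):
    """Host named by a URL, or by bare 'www.cdc.gov/...' text; '' if none."""
    if "://" not in text:
        text = "http://" + text
    return (urlsplit(text).hostname or "").lower()


def under_domain(host, domain):
    return host == domain or host.endswith("." + domain)


def analyze_links(html_body, trusted_domains):
    """Return one dict per link listing the reasons it looks like phishing (empty if none)."""
    parser = _LinkCollector()
    parser.feed(html_body)
    report = []
    for href, text in parser.links:
        real = host_of(href)
        # Only treat the anchor text as a claimed host when it looks like one.
        shown = host_of(text) if ("." in text and " " not in text) else ""
        real_is_trusted = any(under_domain(real, d) for d in trusted_domains)
        reasons = []
        if shown and shown != real and not any(
                under_domain(shown, d) and under_domain(real, d) for d in trusted_domains):
            reasons.append("display-host-mismatch")
        # "cdc" appearing as a label of a host that is not under cdc.gov: cdc.gov.foo.example
        labels = set(real.replace("-", ".").split("."))
        if not real_is_trusted and any(d.split(".")[0] in labels for d in trusted_domains):
            reasons.append("brand-lookalike")
        if urlsplit(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("executable-download")
        report.append({"href": href, "text": text, "host": real, "reasons": reasons})
    return report


# Constructed message in the style described in the post; hosts are invented.
SAMPLE_MAIL = """
<p>Dear Citizen,</p>
<p>Create your personal H1N1 Vaccination Profile at
<a href="http://cdc.gov.h1n1-profile.example/vaccination/profile.exe">http://www.cdc.gov/h1n1/profile</a>
to register for the State Vaccination Program.</p>
<p>More information: <a href="https://www.cdc.gov/h1n1flu/">CDC H1N1 information</a></p>
"""

if __name__ == "__main__":
    for link in analyze_links(SAMPLE_MAIL, {"cdc.gov"}):
        print(link["host"], link["reasons"] or "ok")
```

The domain comparison uses a plain suffix match against the trusted list rather than a public-suffix database, which is enough for a fixed set of brands a gateway is protecting but would need a real suffix list before being applied to arbitrary domains.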
Call for Papers: EuroSec 2010
November 26th, 2009 by Manolis Stamatogiannakis
The next edition of the European Workshop on System Security (EuroSec 2010) will take place on the 13th of April 2010 in Paris, France. The call for papers follows.
About EuroSec
EuroSec is a new workshop associated with the Annual ACM SIGOPS EuroSys conference. The workshop aims to bring together researchers, practitioners, system administrators, system programmers, and others interested in the latest advances in the security of computer systems and networks. The focus of the workshop is on novel, practical, systems-oriented work.
Topics of Interest
EuroSec seeks contributions on all aspects of systems security. Topics of interest include (but are not limited to):
- Operating systems security
- Web/network/distributed systems security
- New attacks and evasion techniques
- Hardware architectures
- Trusted computing and its applications
- Identity management, anonymity
- Small trusted computing bases
- Mobile systems security
- Measuring security
- Malicious code analysis and detection
- Systems-based forensics
- Systems work on fighting spam/phishing
TLS protocol renegotiation vulnerability
November 23rd, 2009 by sebolani
A serious flaw in the Transport Layer Security (TLS) protocol was recently brought to light on an Internet Engineering Task Force (IETF) mailing list (archive).
TLS is the most common data security protocol on the Internet. It is primarily used to encrypt HTTP traffic, such as online banking and commercial transactions, and to secure other online services, such as e-mail and database access. The vulnerability was identified by researchers at PhoneFactor as the ‘SSL/TLS Authentication Gap’. It allows a man-in-the-middle (MITM) to inject plaintext of his choosing into an authenticated SSL/TLS session: because the protocol did not bind a renegotiated handshake to the session it renegotiates, data the attacker sent before the renegotiation and data the victim sends after it are handed to the application as one continuous stream from one authenticated peer. This can be done without either party to the negotiation (client or server) being able to detect the attack. The attacker still cannot read the victim's traffic; the damage comes from what the server does with the injected prefix.
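The splice is easiest to see at the HTTP layer, where it was first demonstrated. The model below abstracts the handshake away (a handshake is an event that yields a verify_data token) and keeps only the part that matters: a vulnerable server concatenates application data across the renegotiation, so the attacker's partial request absorbs the victim's request line into a junk header and is executed with the victim's cookie; a server implementing the RFC 5746 renegotiation_info binding rejects the relayed handshake because the victim's ClientHello carries no verify_data for the session it is being spliced onto. This is an added example for this post, not code from PhoneFactor or the IETF thread; the bank paths, header names and cookie are made up.

```python
"""Model of the TLS renegotiation 'authentication gap' and of the RFC 5746 fix,
at the application-data level. Added example; bank.example and its paths are invented."""
import os


def parse_http_request(raw):
    """Tiny HTTP/1.1 request parser: request line plus headers (first value wins)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.setdefault(name.strip(), value.strip())
    return {"method": method, "path": path, "headers": headers}


class VulnerableServer:
    """Pre-RFC 5746 behaviour: a renegotiation is just another handshake, and
    application data received before and after it is one stream that HTTP
    attributes to whoever completed the latest handshake."""

    def __init__(self):
        self.stream = bytearray()
        self.last_verify_data = None

    def handshake(self, client_hello_ri):
        """Accept unconditionally; return this handshake's verify_data token."""
        self.last_verify_data = os.urandom(12)
        return self.last_verify_data

    def app_data(self, chunk):
        self.stream += chunk

    def request(self):
        return parse_http_request(bytes(self.stream))


class PatchedServer(VulnerableServer):
    """RFC 5746: a renegotiating ClientHello must carry, in renegotiation_info,
    the verify_data of the handshake it extends. The victim's ClientHello carries
    nothing (it believes it is starting a fresh connection), so it is refused."""

    def handshake(self, client_hello_ri):
        if self.last_verify_data is not None and client_hello_ri != self.last_verify_data:
            raise ConnectionAbortedError("handshake_failure: renegotiation_info mismatch")
        return super().handshake(client_hello_ri)


ATTACKER_PREFIX = (b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
                   b"Host: bank.example\r\n"
                   b"X-Ignore: ")  # no CRLF: the victim's request line will land here
VICTIM_REQUEST = (b"GET /account/balance HTTP/1.1\r\n"
                  b"Host: bank.example\r\n"
                  b"Cookie: session=victim-session-token\r\n\r\n")


def run_attack(server):
    """MITM: open an own session, send a prefix, then relay the victim's fresh
    handshake as a renegotiation and the victim's request as the stream's continuation."""
    server.handshake(client_hello_ri=b"")  # attacker's own, fully legitimate handshake
    server.app_data(ATTACKER_PREFIX)       # sent under the attacker's session keys
    server.handshake(client_hello_ri=b"")  # victim's ClientHello, relayed verbatim
    server.app_data(VICTIM_REQUEST)        # victim's data; the attacker cannot read it
    return server.request()


def attack_succeeds(server_cls):
    try:
        req = run_attack(server_cls())
    except ConnectionAbortedError:
        return False
    # The server acts on the attacker's request line with the victim's cookie attached.
    return req["path"].startswith("/account/transfer") and "Cookie" in req["headers"]


def legitimate_renegotiation_ok(server_cls):
    """A real client keeps its verify_data and presents it when it renegotiates."""
    server = server_cls()
    verify_data = server.handshake(client_hello_ri=b"")
    try:
        server.handshake(client_hello_ri=verify_data)
    except ConnectionAbortedError:
        return False
    return True


if __name__ == "__main__":
    for cls in (VulnerableServer, PatchedServer):
        print(cls.__name__, "attack:", attack_succeeds(cls),
              "legit renegotiation:", legitimate_renegotiation_ok(cls))
```

Note what the fix does and does not change: renegotiation is still allowed, but only for a client that can prove it took part in the previous handshake, which the relayed victim cannot. Disabling renegotiation on the server entirely was the stopgap deployed while RFC 5746 support rolled out.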
Google Cloud and Botnets’ CnC Channels
November 23rd, 2009 by sfakiana
Arbor Networks recently reported that Google's App Engine was tapped to act as the master command-and-control channel feeding commands to large networks of infected computers. More precisely, a custom application hosted there was used to feed URLs to the already infected machines so that they would download the PCClient backdoor from a third-party server. Google shut down the rogue application shortly after being notified of it.
FORWARD at the ICT Days 2009 in Sofia
November 5th, 2009 by Edita Djambazova
From the 28th to the 31st of October 2009 the Days of Information and Communication Technologies 2009 were held at the Inter Expo Center in Sofia, Bulgaria. The event combined the specialised exhibition ICT Expo with an interesting seminar programme.
ICT Expo offers a platform for comparing current industrial trends and product presentations. Its aim is to acquaint visitors with the latest innovations in all fields of information and communication technologies: server solutions, PC assembly components, personal and mobile computers, peripherals and network solutions, card technology, business process management, learning and knowledge solutions, telecommunication equipment, financial solutions, multimedia products, business management software, information security, and innovations from Bulgarian software developers.
The seminar programme included a forum where business representatives had the opportunity to meet the new state administration and to discuss the state of the sector under the conditions of the economic crisis.
As part of the seminar programme the FP7 EU project FORWARD was presented along with PSIRP, another EU-funded project. In a half-hour presentation Edita Djambazova from IPP-BAS described FORWARD's goal, objectives and results. Some of the emerging security threats identified during the project were discussed, and the security community established around ICT-FORWARD was outlined as one of its important achievements.
Tor Project and Censorship in China
October 29th, 2009 by sfakiana
In preparation for the 60th anniversary of Communist rule, China strengthened its Great Firewall (GFC). Apart from pushing local ISPs to deploy more powerful filtering technology, the Chinese government used its net-censorship mechanisms to attack parts of the Tor network.
Click fraud through Bahama botnet faking Google
October 29th, 2009 by sebolani
The Bahama botnet, a network of thousands of compromised computers, is abusing Google and other search engines, including Yahoo and Bing, by serving counterfeit copies of their pages to commit click fraud on advertisements.
The botnet spreads through malware distributed via fake antivirus scams. Compromised PCs receive forged DNS replies for Google.com and the other search-engine domains, an attack known as “DNS poisoning”, so that affected users land on a fake page, hosted in Canada, that looks exactly like Google.com.
