FireEye to Expose Dangers of Modern Malware at the RSA 2010

FireEye, Inc. will expose the threat posed by advanced persistent threats, as seen in the case of "Operation Aurora", at the RSA Conference 2010 next week in San Francisco. FireEye experts, including Chief Security Architect Marc Maiffret, will be on hand to discuss the extent of modern malware attacks and the limitations of conventional network defenses at booth #332 from March 2 – 4. [...]

At the company’s booth, FireEye will demonstrate its modern malware protection system and show how common cyber defenses currently used by organizations, including firewalls, antivirus, network intrusion prevention and web gateway security devices, are simply not enough to prevent modern day malware attacks.

http://www.fireeye.com/news_events/pr/20100224_MA.html

Hackers follow the money, IBM research shows

Existing threats such as phishing and document format vulnerabilities have continued to expand, even as users improve security, according to a new IBM report. [...]

The 2009 X-Force Trends and Risk Report also finds that:
- Vulnerabilities have decreased. Overall, 6,601 new vulnerabilities were discovered in 2009, an 11 percent decrease over 2008. The report indicates that the declines in the largest categories of vulnerabilities, such as SQL Injection (in which criminals inject malicious code into legitimate Web sites) and ActiveX controls (small programs used on the Internet to help with tasks), may indicate that some of the more easily discovered vulnerabilities in these classes have been eliminated and security is improving.

- Critical and high vulnerabilities with no patch have decreased significantly year-over-year in several key product categories. Vulnerabilities with Web browsers and document readers and editors have decreased, which indicates that software vendors have become more responsive to security issues.

- Vulnerability disclosures for document readers and editors and multimedia applications are climbing dramatically. 2009 saw more than 50 percent more vulnerability disclosures for these categories versus 2008.

- New malicious Web links have skyrocketed globally. The number has increased by 345 percent compared to 2008. This trend is further proof that attackers are succeeding at hosting malicious Web pages and that Web browser-related vulnerabilities and their exploitation are netting a serious return.

Continue reading in http://www.net-security.org/secworld.php?id=8918

Comcast.net hacker who redirected Web traffic pleads guilty

One of the three men charged with hacking into the Web site for Comcast’s Internet customers last year has pleaded guilty, the U.S. Attorney’s Office in Philadelphia said Wednesday.

Christopher Allen Lewis, whose hacker alias was EBK, pleaded guilty to conspiring to disrupt service on the comcast.net site on May 28 and 29. [...]

The U.S. Attorney’s Office said the men, who were associated with the hacker group Kryogenics, on May 28 redirected traffic destined for comcast.net to Web sites they had set up.

As a result, Comcast customers trying to get their e-mail or voice mail from comcast.net that day found themselves viewing a Web site containing the message, "KRYOGENIKS Defiant and EBB RoXed COMCAST sHouTz to VIRUS Warlock elul21 coll1er seven."

http://philadelphia.bizjournals.com/philadelphia/stories/2010/02/22/daily29.html

Baidu: Registrar ‘incredibly’ changed our e-mail for hacker

A hacker who took down top Chinese search engine Baidu.com last month broke into its account with a U.S. domain name registrar by pretending to be from Baidu in an online chat with the registrar’s tech help, according to a lawsuit filed by Baidu. [...]

The attack began on the afternoon of Jan. 11 when the hacker contacted Register.com tech help via online chat and claimed to be from Baidu, the complaint alleges. The attacker asked a support representative to change Baidu’s e-mail address on file. The representative then sent a confirmation code to Baidu’s e-mail account even though the hacker answered a security question incorrectly, the complaint alleges.

The attacker could not access Baidu’s e-mail account, so instead made up a confirmation code and sent it to the support representative when asked, the complaint alleges. Without comparing the two codes, the support representative took the bogus answer to be correct and agreed to the attacker’s request to change Baidu’s e-mail address on file to "antiwahabi2008@gmail.com", the complaint alleges.

"Incredibly," the complaint says, Register.com "thus changed the e-mail address on file from one that was clearly a business address and contained the name of the account owner, to an e-mail address that conveyed a highly politically charged message (‘antiwahabi’), with the domain name (‘gmail.com’) of a competitor of Baidu, at the request of an individual who not only could not produce the correct security verification, but actually produced false information twice."

It’s unclear exactly what ‘antiwahabi’ refers to, but the spelling matches that of the strict Wahabi Muslim religious sect. Baidu did not immediately reply to a request for comment.

http://www.computerworld.com/s/article/9162118/Baidu_Registrar_incredibly_changed_our_e_mail_for_hacker
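The Baidu complaint describes two checks that a contact-change flow should enforce: no confirmation code should be issued until the security question is answered correctly, and the code the requester hands back must actually be compared with the one that was sent. The model below is an added example, not Register.com's or Baidu's code; the account data, function names and the flawed/hardened pair of confirmation routines are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional, Tuple

# Added example: a minimal model of a registrar help-desk flow for changing
# the contact e-mail on an account. All names and data are constructed.


def _hash_answer(answer: str) -> bytes:
    # Store and compare only a hash of the security answer, normalised for
    # case and surrounding whitespace so a legitimate owner is not rejected
    # for trivial typing differences.
    return hashlib.sha256(answer.strip().lower().encode("utf-8")).digest()


class Account:
    def __init__(self, email: str, security_answer: str) -> None:
        self.email = email
        self.answer_hash = _hash_answer(security_answer)
        self.pending_code: Optional[str] = None


def request_change(account: Account, answer_given: str) -> Optional[str]:
    """Step 1: the requester must pass the security question first.

    Returns the confirmation code that would be sent to the address currently
    on file, or None when the security question failed (no code is issued).
    """
    if not hmac.compare_digest(_hash_answer(answer_given), account.answer_hash):
        account.pending_code = None
        return None
    account.pending_code = secrets.token_hex(4)
    return account.pending_code


def confirm_change_flawed(account: Account, code_given: str, new_email: str) -> bool:
    """The failure mode in the complaint: the code the requester supplies is
    never compared with the one that was sent, so any string 'confirms'."""
    account.email = new_email
    return True


def confirm_change(account: Account, code_given: str, new_email: str) -> bool:
    """Step 2: accept the change only if a code was issued and it matches.

    The pending code is consumed whether or not the attempt succeeds, so a
    guess cannot be retried against the same code.
    """
    expected = account.pending_code
    account.pending_code = None
    if expected is None:
        return False
    if not hmac.compare_digest(expected.encode(), code_given.encode()):
        return False
    account.email = new_email
    return True


def simulate_attack(confirm: Callable[[Account, str, str], bool]) -> Tuple[bool, str]:
    """Replay the sequence from the complaint against a confirm routine:
    a wrong security answer, then a made-up confirmation code."""
    acct = Account("admin@example-registrant.test", "first pet: rex")  # constructed
    request_change(acct, "wrong answer")  # fails; no code is sent
    changed = confirm(acct, "000000", "attacker@example.test")  # invented code
    return changed, acct.email


if __name__ == "__main__":
    print("flawed flow:", simulate_attack(confirm_change_flawed))
    print("hardened flow:", simulate_attack(confirm_change))
```

Running the two simulations side by side shows the difference the complaint turns on: the flawed routine changes the address to whatever the requester asked for, while the hardened one refuses because no code was ever issued and the supplied string matches nothing.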

BBC iPlayer rejects open source plugins, takes Flash-only path

Be safe: Use Adobe content protection, kids

The BBC has quietly updated its hugely popular iPlayer with a verification layer that closes the door on open source implementations of RTMP (real-time messaging protocol) streaming, The Register has learned.

The Beeb applied the update to its online video catch-up service on 18 February, just four days after Adobe Systems penned a corporate blog post about its “content protection offerings”.

The tweak means that free RTMP plugins offered by the likes of the XBMC community – whose code is based on the GNU General Public Licence v2 – can no longer stream iPlayer content. [...]

Reg reader Tom Rouse, who alerted us to the SWF verification tweak to the iPlayer, wondered if the BBC was simply satisfying the demands of Adobe’s content licence.

"It would seem that this move is likely [to] impact users of platforms not supported by Flash, with an unsatisfactory implementation (e.g. too resource intensive for the platform, with video tearing, etc.), or those who just wish to use an open source player," he said.

"Ironically, third party utilities that download files (which presumably the verification is there to prevent) still work fine. It is possible that this move will actually increase the occurrence of downloading files which will not be time limited, or torrenting of copyrighted material."

Meanwhile, Adobe’s product manager Florian Pestoni pushed out a Valentine’s Day missive on 14 February that outlined the proprietary software maker’s "content protection offerings" for what he described as a "key tool that can be used to monetise premium video online."

The firm’s Flash Media Server has a number of content protection features that includes support for the contentious SWF verification that effectively locks down the Beeb’s iPlayer in Flash.

In other words, "unauthorised" video player applications will no longer get a look-in.

http://www.theregister.co.uk/2010/02/24/iplayer_xbmc_adobe_swf_verification/

Threats from cyber criminals underestimated

As IT security expert Avira discovered in its moral issue survey, conducted on www.free-av.com in January 2010, Internet users underestimate the risk of cyber criminals gaining illegal access to their data. The responses from the 5,578 respondents indicate that, while they are attentive to their security, they are completely unprepared for the ingenuity now being shown by cyber criminals. Clearly users need to increase their vigilance and actively protect themselves with extensive security solutions on their computers.

The survey showed that most users are fairly naïve when it comes to computer security. 49 percent of participating surfers (2,747) said that they had not yet noticed any attempts at data espionage.
However, the chances of detecting illegal access are quite small unless you have extensive security protection. After all, the days are long past when a computer would recognize unusual behavior or lose system performance because of a malware infection. Hackers are becoming more ingenious and malware is being programmed with greater sophistication, using new tricks so as to remain undetected for as long as possible. Viruses now try to stay undercover, instead of blocking computers.

The other surprising thing about the result of the moral issue survey is that many Internet users believe that attackers wouldn’t be interested in them because they have nothing worth hiding. 22 percent of respondents (1,229) wouldn’t be too worried if hackers were able to read their emails or view other information belonging to them. Avira has issued a warning to those deluded into believing that cyber criminals are only interested in highly secret data or huge bank accounts. The fact is that criminals can be satisfied just to steal computer capacity for remote control bot-nets or to acquire the identities of their victims for the purposes of concealing crime. This means that careless handling of one’s own data can lead to trouble with the authorities, as well as frequent financial losses.
A good four percent of those surveyed (243) were aware of this from bitter experience: They suffered concrete losses and found it necessary to discuss the matter with their bank.

A further almost six percent (313) had been the personal victims of identity theft. They found that outsiders had accessed their email, Facebook and Ebay accounts, for example.
Around ten percent of respondents have already been the victims of digital data theft.

As the Avira moral issue survey also reveals, other Internet users have learned from their bad experiences – or from anecdotal evidence. 19 percent (1,055) are particularly careful ever since they heard of an attack on someone they know and now take the appropriate steps to protect their security.

http://www.avira.com/en/company_news/cyber_criminals_underestimated.html

Nearly 20% still running IE 6

VB poll finds users still running outdated browser despite campaigns to boycott it.

Despite widespread calls to boycott IE 6 and Microsoft’s plans to retire support for the browser, 19% of respondents in a Virus Bulletin poll said that they are still running the browser, whether at home, at work, or both.

The browser has come in for heavy criticism due to numerous security flaws and its use of outdated technology. Indeed, in January both the French government and the German government issued advisories to computer users recommending that they switch to a different web browser, after it was discovered that IE 6 contained a serious security flaw that could be exploited by hackers and cybercriminals.

Although the flaw in question was patched by Microsoft in late January (ahead of the company’s usual Patch Tuesday release for the month), support for the browser is already being phased out by Internet favourites such as Google, YouTube and Facebook, largely due to its lack of support for modern web standards.

http://www.virusbtn.com/news/2010/02_22.xml via Sunbelt Blog.

Google Picasa JPEG Image Processing Integer Overflow Vulnerability

Google Picasa is prone to a remote integer-overflow vulnerability.
An attacker can exploit this issue to execute arbitrary code with the privileges of the currently logged-in user. Failed exploit attempts will result in a denial-of-service condition.

Vulnerable:  Google Picasa 3.6 Build 95.25
Not Vulnerable:  Google Picasa 3.6 Build 105.41

Solution:
Reportedly the vendor has released Picasa 3.6 Build 105.41 to address this issue but Symantec was unable to confirm this information. Please contact the vendor for more information.

http://www.securityfocus.com/bid/38384/discuss

The non-vulnerable version was released yesterday.

McAfee pays $67M in fraud settlements

Thousands of investors have been paid a combined $67 million in connection with financial fraud settlements by McAfee Inc., the Securities and Exchange Commission said Monday.

Security software maker McAfee settled the charges in February 2006 without admitting or denying wrongdoing. It also agreed at the time to pay roughly $50 million in penalties.

The SEC charged the Santa Clara company in January 2006 in U.S. District Court for California’s Northern District, alleging it had defrauded investors by overstating its revenue and earnings. According to the SEC, the scheme took place between 1998 and 2000.

http://sanjose.bizjournals.com/sanjose/stories/2010/02/22/daily15.html

Malware levels stay flat

A new report from security firm Kaspersky Lab suggests that there has been little growth in the number of new malware samples.

The company reported that over 2009, roughly 15 million new malware samples were found, a rate of around 30,000 new threats each day. That rate, said the company, was "virtually the same" as the 2008 level.[...]

Additionally, the company reported that web-based fraud schemes, such as fake anti-virus software, boomed over 2009 and netted some $150 million in profits.

This year, much of the focus is expected to shift from PC-based malware to attacks on web services and new devices.

Kaspersky pointed to an increase in attacks targeting Facebook and Twitter over the year and predicted that the trend will continue in 2010. The company suggested that web services such as Google Wave could be popular targets this year, as well as peer-to-peer services and mobile handsets.

http://uk.news.yahoo.com/16/20100224/ttc-malware-levels-stay-flat-6315470.html