Archive for November 2nd, 2011

Facebook – 600,000 compromised logins on a daily basis

On a percentage basis, 99.94% of individuals among one billion users are the true owners of their accounts. However, the remainder is still a very large number of compromised accounts.

Facebook – 600,000 compromised logins on a daily basis
http://securitywatch.pcmag.com/social-networking/289976-facebook-sees-600-000-compromised-logins-daily

QUOTE: In a recent infographic from Facebook regarding security, the social networking company let the world know it faces approximately 600,000 security threats per day in the form of “compromised” logins. That’s a mere 0.06 percent of the 1 billion logins the site sees per day, although it’s still a sizable number. “A ‘compromised login’ means the person logging in knows the username and password for an account, but we suspect they may not be the actual account holder

Duqu – Exploits zero day Windows kernel vulnerability

The new Duqu threat was modeled after Stuxnet, one of the most sophisticated malware attacks ever crafted, and perhaps represents its next version. A recent discovery documents how Duqu exploits the Windows kernel through a malicious Word document. Microsoft is working on a patch to address this vulnerability, and all suspicious Word documents should be avoided.

Duqu exploits zero-day flaw in Windows kernel
http://www.computerworld.com/s/article/9221372/Update_Duqu_exploits_zero_day_flaw_in_Windows_kernel
http://www.symantec.com/connect/w32-duqu_status-updates_installer-zero-day-exploit
http://blogs.mcafee.com/mcafee-labs/of-kernel-vulnerabilities-and-zero-dayz-a-duqu-update
http://www.f-secure.com/weblog/archives/00002263.html

QUOTE: The Duqu trojan infects systems by exploiting a previously unknown Windows kernel vulnerability that is remotely executable, security vendor Symantec said today. Symantec said in a blog post that CrySyS, the Hungarian research firm that discovered the Duqu Trojan earlier this month, has identified a dropper file that was used to infect systems with the malware.

The installer file is a malicious Microsoft Word document designed to exploit a zero-day code execution vulnerability in the Windows kernel.  “When the file is opened, malicious code executes and installs the main Duqu binaries” on the compromised system, Symantec said.  Once Duqu is able to get a foothold in an organization through the zero-day exploit, the attackers can command it to spread to other computers. In one organization, evidence was found that showed the attackers commanding Duqu to spread across SMB shares.

Kaspersky Labs – More on Duqu
http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One
http://www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
http://www.securelist.com/en/blog/208193206/The_Mystery_of_Duqu_Part_Three
http://www.securelist.com/en/blog/208193178/Duqu_FAQ