Posted by Laureli Mallek
Thu, 31 Jul 2008 17:55:00 GMT
Websense and IBM released security reports this week covering topics from spam to research on the impact of publicizing software vulnerabilities.
In his Security Fix blog post, Brian Krebs continues his coverage of badware distribution, prompted by the release of the Websense report, which draws on data from the 40 million websites Websense scans hourly. According to the report, three quarters of all websites hosting badware (malicious downloads) are legitimate sites that have been hacked, and 60 of the top 100 most visited websites have at some point during the last year “either hosted malware or forwarded visitors to malicious sites.”
Krebs writes that spam is still a major conduit to disseminate links to dangerously hacked websites:
According to Websense, nearly 30 percent of those links lead to sites that try to plant software which steals passwords and other sensitive data from victims. The remainder of the spam links attempt to install software that lets attackers control the systems from afar, and/or install additional software without the owner’s knowledge.
Badware authors target legitimate sites, exploiting the trust users already place in those sites to slip past their defenses. Users familiar with tools such as NoScript, which blocks JavaScript, Java, and Flash from executing without the user’s express permission, will know that it is possible to allow scripts for specific trusted websites. Whitelisting a trusted site, however, offers no protection once that site itself has been hacked.
Network World’s Ellen Messmer discusses results from both of the reports. The IBM report tracked statistics relating to 3,534 disclosed software bugs. Messmer writes that “[a]ccording to IBM, 95% of all browser-related online exploits occurred within 24 hours of official vulnerability disclosure.”
On a more positive note, the IBM report finds that the incidence of image spam has fallen, which has for now forced spammers back to earlier methods. Yet spam and badware are driven by innovative writers who work hard to stay ahead of security researchers. These reports highlight how important it is for computer users to stay aware and exercise real caution. Krebs offers two excellent pointers for keeping your computer safe:
- Disable automatic downloads.
- Browse the internet using a limited User account that does not allow downloading software or changing passwords or computer keys. This tip applies to any operating system and protects users from absent-minded clicks that could lead to infection.
Posted in all | Tags badware, email, ibm, spam, vulnerability, websense
Posted by Maxim Weinstein
Fri, 27 Jun 2008 18:05:00 GMT
A researcher from security firm Kaspersky reportedly claims that he told Microsoft of a vulnerability in Internet Explorer “a long time ago,” but Microsoft didn’t consider it a security issue. Now, he claims he has found an example of an exploit in the wild that takes advantage of the vulnerability.
The attack, discovered at a compromised legitimate site, is using a modified GIF file to exploit the cross-site scripting feature/vulnerability.
...
Fast forward to the latest site compromise — on a high traffic Web site — where a GIF file containing an embedded iFrame is pointing IE users to a known malicious site. (The malicious site is currently offline but there’s evidence that it’s tied to ID-theft attacks)....
If the researcher’s findings are true (we haven’t confirmed them), then Microsoft should be embarrassed for missing an opportunity to protect its users and should immediately reconsider its position and treat this as the security issue that it is.
Posted in all | Tags ie, microsoft, stopbadware, vulnerability
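As an added example (not code from the StopBadware post or from the Kaspersky write-up), here is a small Python checker for the kind of file described above: it walks a GIF’s block structure and flags bytes appended after the `;` trailer, as well as HTML markup anywhere in the file, the two ways a “GIF” can carry an iframe to a browser that sniffs content instead of trusting the declared type. The sample files are constructed, and the hostname in the appended iframe is a placeholder.

```python
import re

GIF_MAGIC = (b"GIF87a", b"GIF89a")
# Markup no image should carry; a content-sniffing browser may honour tags like these.
MARKUP_RE = re.compile(rb"<\s*(iframe|script|object|embed|html|body|meta)\b", re.IGNORECASE)

def _skip_subblocks(data, p):  # advance past length-prefixed sub-blocks; None if truncated
    while p < len(data):
        n, p = data[p], p + 1
        if n == 0:
            return p
        p += n
    return None

def gif_trailer_offset(data):
    """Walk the GIF block structure; return the offset just past the ';' trailer, or None."""
    if data[:6] not in GIF_MAGIC or len(data) < 13:
        return None
    packed, pos = data[10], 13                      # header + logical screen descriptor
    if packed & 0x80:                               # global colour table: 3 * 2^(N+1) bytes
        pos += 3 * (2 << (packed & 7))
    while pos is not None and pos < len(data):
        block, pos = data[pos], pos + 1
        if block == 0x3B:                           # trailer: a well-formed GIF ends here
            return pos
        if block == 0x21:                           # extension: label byte, then sub-blocks
            pos = _skip_subblocks(data, pos + 1)
        elif block == 0x2C and pos + 9 <= len(data):  # image descriptor (9 bytes)
            local, pos = data[pos + 8], pos + 9
            if local & 0x80:                        # local colour table
                pos += 3 * (2 << (local & 7))
            pos = _skip_subblocks(data, pos + 1)    # skip LZW min code size, then image data
        else:
            return None
    return None

def analyse(data):
    """Flag bytes appended after the trailer and HTML markup anywhere in the file."""
    end = gif_trailer_offset(data)
    if end is None:
        return {"verdict": "not-a-valid-gif", "trailing_bytes": 0, "tags": []}
    tags = [m.group(1).lower().decode("ascii") for m in MARKUP_RE.finditer(data)]
    trailing = len(data) - end
    verdict = "suspicious" if trailing or tags else "clean"
    return {"verdict": verdict, "trailing_bytes": trailing, "tags": tags}

# Constructed samples: a standard 35-byte 1x1 GIF, and the same file with an iframe appended.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
             b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
SUSPECT_GIF = CLEAN_GIF + b'<iframe src="http://malicious.example/"></iframe>'
```

Scanning the whole file rather than only the tail also catches markup hidden inside a GIF comment extension, which sits before the trailer and would pass a trailing-bytes check alone.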
Posted by Maxim Weinstein
Thu, 26 Jun 2008 16:52:00 GMT
Ryan Naraine over at the Zero Day Blog reports that a new vulnerability has been found in Internet Explorer 6 running on Windows XP with service pack 2 or 3:
An unpatched cross-domain vulnerability in Microsoft’s flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.
At the moment, there is no patch:
In the absence of a patch, IE users are strongly encouraged to upgrade to IE 7. Or, as always, consider using an alternative browser.
Posted in all | Tags ie, microsoft, stopbadware, vulnerability
Posted by Laureli Mallek
Fri, 20 Jun 2008 18:53:00 GMT
Dancho Danchev wrote about a vulnerability found in Zeus, a crimeware kit circulating widely. Danchev explains:
The vulnerability allows the injection of logins and passwords within any misconfigured web interface, due to the way in which Zeus is processing php scripts (web shells and backdoors) from the directory in which it stores the stolen data. Ironically, ‘Zeus users are advised to take care of their directory permissions, and forbid the execution of scripts from the folder holding all the encrypted stolen information’.
“The implications of this flaw are huge, since, what used to be the practice of hijacking someone’s misconfigured botnet a couple of years ago, is today’s hijacking of the malware campaign’s command and control interface, which on the majority of occasions is left accessible to everyone – including independent researchers and the security community.”
The Zeus Trojan kit is available on the market for around $700, and Danchev writes in a previous post that the Zeus kit has been used more than 150 times and attacks around 4,000 computers per day. Just as popular software attracts unwanted attention from hackers, the prominence of this badware drew increased attention from the security community, which led to the discovery of this vulnerability.
In an additional twist, the Russian Business Network, which has been associated with creation and distribution of the Zeus kit, is actively working to protect their intellectual property from security companies and their customers. RBN has threatened to sue security companies for blacklisting their products.
The RBN even includes an EULA when they sell the crimeware kit:
The help section of the latest version of the Zeus malware states that the client has no right to distribute Zeus in any business or commercial purpose not connected to the initial sale, cannot examine the source code of the product, has no right to use the product to control other botnets, and cannot send the product to anti-virus companies.
The RBN threatens to release information on their customers if they violate this agreement and to require customers to purchase future updates. Would they pursue lawsuits against bot herders who modify their software kit without permission?
Danchev asks what would happen if the security community began unethically pen-testing the Zeus network in order to estimate the size of the botnet. Would the RBN seek to protect its intellectual property, thereby claiming ownership of the Russian Business Network infrastructure (botnet) in order to sue trespassing parties? As crimeware becomes more commercialized, the badware authors have more invested in protecting their investments in intellectual property and infrastructure. It will be interesting to see how the current legal structure can be applied to regulate the development of the malware industry.
Posted in all | Tags botnet, stopbadware, trojan, vulnerability
Posted by Maxim Weinstein
Wed, 23 Jan 2008 16:45:00 GMT
Many home and small business users have a wired or wireless router that allows them to share their high-speed internet connection and that helps to protect their network.
According to a report from security vendor Symantec, failing to secure your router with a custom password can, with some help from badware delivered to your PC, lead to a pretty big security threat. This has already been demonstrated “in the wild” by an attack targeting Mexican internet users.
The solution, according to the Symantec report, is fairly simple: change your router’s password from the default to something you’ll remember. (Most major router vendors provide an instruction manual explaining how to log into the router and change the password.)
Posted in all | Tags router, stopbadware, vulnerability