Dell warns of malware on server motherboards: Cyber Security Highlights July 23, 2010
By Kelli Tarala | July 26, 2010
Dell is warning customers that “a small number” of its server motherboards may contain malicious software. “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware,” according to a post on a Dell support forum. “This malware code has been detected on the embedded server management firmware.” The malware issue affects a limited number of replacement motherboards in four servers, the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 models, the vice president and general manager of server platforms at Dell wrote in an e-mail.
Full Story:
http://www.computerworld.com/s/article/9179483/
Spam with shortened URLs accounts for 18 percent of all spam sent
One Web site visit is generated for every 74,000 spam e-mails containing a shortened URL link. According to the Symantec MessageLabs Intelligence Report for July, the most frequently visited shortened links from spam received more than 63,000 Web site visits. A MessageLabs Intelligence senior analyst at Symantec Hosted Services told SC Magazine that spammers are generally getting a return of a tenth of one percent when it comes to a click through return rate.
Botnet malware writers arrested in Slovenia
Slovenian police have arrested four suspects amid allegations that the four developed the Mariposa botnet malware. The arrests come on the heels of a joint investigation between Slovenian police and the FBI. Earlier this year, three suspects were arrested in Spain and were charged with distributing the malware. According to STA, a Slovenian news agency, the four suspects are thought to have developed the malware used by the Spaniards. Investigators said the Mariposa botnet may have infected up to 12.7 million PCs around the globe. During the arrests in Spain, police found the banking information of around 800,000 people.
Full Story:
http://www.thenewnewinternet.com/2010/07/22/botnet-malware-writers-arrested-in-slovenia/
1.2 million infected by Eleonore exploits toolkit
AVG’s Web security research team has discovered a network of 1.2 million malware-infected computers controlled by cybercriminals who were using the Eleonore exploit toolkit, commercial-attack software enabling cybercriminals to infect and monitor compromised PCs. The two-month-long study by AVG Research reviewed 165 Eleonore toolkits in use by cybercriminals and concluded that those using the Eleonore exploit toolkit were experiencing a 10 percent success rate in infecting the more than 12 million users visiting their compromised Web pages. All 165 domains experienced high volumes of traffic, which the cybercriminals managed to compromise. The research was built using AVG LinkScanner product data, identifying URLs that the product blocked when it identified a threat.
Full Story:
http://www.net-security.org/malware_news.php?id=1410
Microsoft warns of Windows shortcut drive-by attacks
Microsoft July 21 said that hackers could exploit the unpatched Windows shortcut vulnerability using drive-by download attacks that would trigger an infection when people simply surf to a malicious Web site. A noted vulnerability researcher July 21 confirmed such attacks are possible. In the revised security advisory published July 20, Microsoft acknowledged the new attack vector. “An attacker could also set up a malicious Web site or a remote network share and place the malicious components on this remote location,” the company said. “When the user browses the Web site using a Web browser such as Internet Explorer or a file manager such as Windows Explorer, Windows will attempt to load the icon of the shortcut file, and the malicious binary will be invoked.” That language was a change from earlier statements by Microsoft, which had said that attackers could hijack a Windows PC by setting up a remote network share, a much more complicated task than building a malware-spreading Web site.
Full Story:
http://www.computerworld.com/s/article/9179512/
Malicious shortcuts: now documents and webpages are risky too
There is more bad news for those troubled by the Microsoft zero-day vulnerability that allows a Windows shortcut link, known as an .LNK file, to run malicious code whenever Windows displays its icon. The Shortcut exploit is well known to be capable of spreading via USB sticks, network and remote WebDAV shares. But the latest version of Microsoft’s security advisory on the subject also warns that a malicious shortcut file can be embedded on a Web site (meaning users who visit the page via Internet Explorer could be infected) or hidden inside documents. It has also become apparent that .PIF files, as well as .LNK files, can be exploited by the vulnerability.
Full Story:
http://www.sophos.com/blogs/gc/g/2010/07/21/malicious-shortcuts-documents-webpages-risky/
38 states grill Google on three-year Wi-Fi slurp
A coalition of 38 U.S. states has called on Google to explain in detail how Wi-Fi-sniffing software that surreptitiously collected data over wireless networks was included in its fleet of Street View cars. “We are asking Google to identify specific individuals responsible for the snooping code and how Google was unaware that this code allowed the Street View cars to collect data broadcast over WiFi networks,” the attorney general of Connecticut said in a statement issued July 21. “Information we are awaiting includes how the spy software was included in Google’s Street View network and specific locations where unauthorized data collection occurred.”
Full Story:
http://www.theregister.co.uk/2010/07/21/google_wifi_snoop_inquiries/
New ‘Kraken’ GSM-cracking software is released
On July 16, an open-source group released software that cracks the A5/1 encryption algorithm used by some GSM networks. Called Kraken, the software uses new, efficient encryption-cracking tables that allow it to break A5/1 encryption much faster than before. This is a key step toward eavesdropping on mobile phone conversations over GSM (Global System for Mobile Communications) networks. Since GSM networks are the backbone of 3G, they also provide attackers with an avenue into the new generation of handsets. As the software becomes more polished, it will make GSM call eavesdropping practical. “Our attack is so easy to carry out, and the cost of attack is lowered so significantly, that there is now a real danger of widespread intercepting of calls,” a developer with the A5/1 Security Project said. The developer and his co-developers haven’t put together all the components someone would need to listen in on a call — that would be illegal in some countries. Someone must still develop the radio-listening equipment needed to gain access to the GSM signal, but that type of technology is within reach. He said this could be done using an inexpensive mobile phone and a modified version of open-source software called OsmocomBB. Hackers could also use a more expensive Universal Software Radio Peripheral (USRP) device in conjunction with another program, called Airprobe.
Full Story:
http://www.computerworld.com/s/article/9179529/
Read the Full DHS Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_072310.pdf
