
Entries in Computer Security (14)

Friday, Mar 19, 2010

Your Facebook Password Has Been Reset - Facebook Users Target of Latest Trojan

According to Dave Marcus, Director of Security Research and Communication at McAfee, the messages target Facebook's 400 million users and were first detected by customers running McAfee's security software.

Marcus said the spam run carried a variety of malware, including password stealers, rogue antivirus programs and botnet code.

He also pointed out that no legitimate Web site would automatically reset a user's password and send the new one by e-mail. Facebook's enormous user base makes it a prime target for spammers and hackers.

The messages say that the user's Facebook password has been reset and the user should download an attachment that contains the new password. The English-language messages are grammatically correct, but contain an odd sign-off: "Thanks, Your Facebook." McAfee has included a screenshot of the message on their blog.

Friday, Mar 19, 2010

Former Auto Dealer Employee Remotely Disables 100 Cars 

A disgruntled former employee of the Texas Auto Center car dealership remotely disabled cars using a web-based vehicle immobilization system from Payteck.

Using that web-based system, the former employee, Omar Ramos-Lopez, allegedly disabled the cars or made their horns honk continuously, though the dealership disputes claims that the activity took place after 9:00 PM local time.

Although the business maintains that it closed Ramos-Lopez's account when he was laid off, he allegedly logged into the system with another person's account and caused havoc over the course of a five-day period. 

The trouble stopped after the accounts for the entire business were reset; police then traced the IP address recorded in the system's access logs back to Ramos-Lopez.


Monday, Mar 8, 2010

Energizer Duo USB Battery Charger Trojan - Allows Remote Access

US-CERT is reporting that the downloadable software for the Energizer Duo USB charger contains a Trojan that allows remote control of the system it is installed on.

It is not known how long the Trojan has been in the software; it may have been there since the software's release three years ago.

According to Symantec "The Trojan still operates whether this device is found or not, so a USB charger doesn't need to be plugged in for the Trojan to be functioning."

US-CERT has issued Vulnerability Note VU#154421 with more details. Here is some information from that report:

The installer for the Energizer DUO software places the file UsbCharger.dll in the application's directory and Arucer.dll in the Windows system32 directory.

Arucer.dll is a backdoor that allows unauthorized remote system access via accepting connections on 7777/tcp.
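The two indicators quoted from the US-CERT note, Arucer.dll dropped into the system32 directory and a listener on 7777/tcp, are straightforward to check for on a host. The script below is an added example, not code from US-CERT, Symantec or Energizer: it parses the text layout of Windows `netstat -ano` output (the sample here is constructed, not captured from an infected machine) and looks for the DLL in whatever directories it is given. The column layout it expects is an assumption about `netstat -ano`; any other netstat format would need its own parser.

```python
"""Host check for the two Energizer DUO backdoor indicators in US-CERT VU#154421:
Arucer.dll in %SystemRoot%\\system32 and a TCP listener on port 7777.

Added example, not code from US-CERT, Symantec or Energizer. SAMPLE_NETSTAT is
constructed to look like `netstat -ano` output on Windows; it is not real data.
"""
import os
import re

BACKDOOR_DLL = "Arucer.dll"
BACKDOOR_PORT = 7777

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING       1740
  TCP    192.168.1.10:49170     192.168.1.20:445       ESTABLISHED     4
  UDP    0.0.0.0:5355           *:*                                    1104
"""

# One TCP row: proto, local addr, foreign addr, state, pid (UDP rows have no state).
_TCP_LINE = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>\S+)\s+(?P<pid>\d+)\s*$"
)


def listeners_on_port(netstat_text, port):
    """Return PIDs of TCP sockets in LISTENING state bound to `port`."""
    pids = []
    for line in netstat_text.splitlines():
        m = _TCP_LINE.match(line)
        if not m or m.group("state") != "LISTENING":
            continue
        # rsplit on the last ':' so IPv6 forms like [::]:7777 parse the same way.
        try:
            local_port = int(m.group("local").rsplit(":", 1)[1])
        except (IndexError, ValueError):
            continue
        if local_port == port:
            pids.append(int(m.group("pid")))
    return pids


def dll_locations(search_dirs, name=BACKDOOR_DLL):
    """Return full paths where `name` exists in any of `search_dirs`.

    Comparison is case-insensitive because Windows file names are.
    Directories that do not exist are skipped rather than raising."""
    found = []
    for d in search_dirs:
        if not os.path.isdir(d):
            continue
        for entry in os.listdir(d):
            if entry.lower() == name.lower():
                found.append(os.path.join(d, entry))
    return found


def assess(netstat_text, search_dirs):
    """Combine both indicators into one verdict.

    Either indicator alone is enough to flag the host: Symantec notes the
    backdoor runs whether or not the charger is plugged in, and a listener
    on 7777/tcp may be present even if the DLL was renamed or moved."""
    pids = listeners_on_port(netstat_text, BACKDOOR_PORT)
    dlls = dll_locations(search_dirs)
    return {
        "listener_pids": pids,
        "dll_paths": dlls,
        "suspicious": bool(pids) or bool(dlls),
    }


if __name__ == "__main__":
    system32 = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"), "system32")
    # On a real Windows host, replace SAMPLE_NETSTAT with the output of `netstat -ano`.
    print(assess(SAMPLE_NETSTAT, [system32]))
```

A PID returned for port 7777 can be matched against `tasklist /svc` to see which process (rundll32 hosting the DLL, or something else entirely) owns the socket before deciding the host is infected.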


Thursday, Oct 22, 2009

China's Cyber warfare Capabilities Highlighted in Report to Congressional Commission

A report prepared for the U.S.-China Economic and Security Review Commission, produced under contract by Northrop Grumman's Information Systems Sector, highlights China's cyber warfare capabilities.

The report also includes basic information on China's capabilities for other forms of unconventional warfare, such as EMP (electromagnetic pulse) attacks, kinetic energy weapons against satellites, and laser dazzling to disable U.S. satellites.

Though the report focuses largely on China's cyber warfare capabilities, it makes the point that the country plans to use the other means mentioned to dominate the information warfare arena.

The report also describes collaboration between China's military and the private black-hat hacker community. This is not the first time this relationship has been written about; other reports have mentioned it and have described how the Chinese hacking community feels it is their duty to help wage this unconditional warfare.

According to the report, these are some of the actual cyber attacks conducted in recent years:

  • In May 1998, anti-Chinese riots in Indonesia sparked a series of Chinese hacker attacks on multiple Indonesian Websites.
  • Following the accidental bombing of the PRC embassy in Serbia in May 1999, Chinese hackers mounted their first large scale attack on the White House led by the group Javaphile according to one of its founding members, who uses the “screen name” CoolSwallow.
  • The 1999 comments by then Taiwan President Lee Teng-hui that Taiwan deserved to be treated as an equal state by the PRC catalyzed massive PRC hacker attacks on the Taiwan National Assembly, Presidential Executive Office and many additional government Websites, according to Western press reports of the exchange.
  • In May 2001, the Honker Union of China claimed that it had attacked over 1,000 US Websites—approximately the same number that US hackers claimed they attacked in the PRC—following the collision between a US EP-3 surveillance aircraft and a Chinese fighter.
  • In 2001, following a large scale denial of service attack against the White House, the People’s Daily, the official newspaper of the Communist Party, issued an editorial in its online edition that decried the Chinese attacks as “Web terrorism,” and said that the attacks by the Honker Union of China on US Websites were “unforgivable acts violating the law,” effectively withdrawing Beijing’s tacit and explicit support from the hacker groups’ campaigns.


Monday, Jun 22, 2009

"Nine-Ball" Attack Has Compromised 40,000 Sites

According to SC Magazine:

The attack is called “Nine-Ball” because of the name of the final, malicious landing page, which is loaded with drive-by exploits, that unsuspecting users automatically are redirected to if they visit one of the compromised sites.

Ninetoraq.in, the exploit site, contains malicious code that looks for already patched vulnerabilities in Acrobat Reader, QuickTime, Microsoft Data Access Components (MDAC) and AOL SuperBuddy, which it then attempts to exploit, Stephan Chenette, manager of security research at Websense, told SCMagazineUS.com on Wednesday.

The flaws have all been patched; some date back to 2006, Chenette said. But, the Reader and QuickTime vulnerabilities are newer, making it less likely that users are patched for them. If the malicious code finds an unpatched vulnerability to exploit, it either drops a malicious PDF file or a trojan designed to steal user information, Chenette said.

All of the exploits currently have low detection rates, he added.

For Full Story:

"Nine-Ball" mass injection attack compromised 40,000 sites
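A site owner's side of a mass injection like this is finding the injected reference before visitors follow it. The scanner below is an added example, not code from Websense or SC Magazine: it walks a page's HTML and reports script or iframe references, and inline `location` redirects, that point off-site to a known exploit domain, or hidden frames pointing to any third party. The only detail taken from the article is the ninetoraq.in landing domain; the sample HTML is constructed, and the hidden-frame heuristic and the blocklist are illustrative assumptions rather than the actual shape of the Nine-Ball injection.

```python
"""Find injected off-site references (script src, iframe src, inline location
redirects) in a page, the way a compromised site would pull visitors toward a
drive-by landing page.

Added example, not code from Websense or SC Magazine. SAMPLE_HTML is constructed;
ninetoraq.in is the landing domain named in the article, the rest is made up.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse
import re

# Assumed blocklist for illustration; only ninetoraq.in comes from the article.
KNOWN_BAD_DOMAINS = {"ninetoraq.in"}

# Constructed page: a legitimate site with two injected elements.
SAMPLE_HTML = """<html><head><title>Shop</title>
<script src="/js/app.js"></script>
</head><body>
<h1>Welcome</h1>
<iframe src="http://ninetoraq.in/in.php" width="0" height="0" style="visibility:hidden"></iframe>
<script>window.location="http://ninetoraq.in/x.php";</script>
<img src="http://cdn.example.com/logo.png">
</body></html>"""

# Inline redirect forms: location = "...", window.location.href = "..."
_REDIRECT_RE = re.compile(
    r"""(?:window\.)?location(?:\.href)?\s*=\s*['"](https?://[^'"]+)['"]"""
)


class InjectionScanner(HTMLParser):
    """Collects off-site references that look injected."""

    def __init__(self, site_host, bad_domains=KNOWN_BAD_DOMAINS):
        super().__init__()
        self.site_host = site_host.lower()
        self.bad_domains = {d.lower() for d in bad_domains}
        self.findings = []
        self._in_script = False

    def _check(self, tag, url, hidden=False):
        host = (urlparse(url).hostname or "").lower()
        if not host or host == self.site_host:
            return  # relative or same-site reference: normal
        reason = None
        if host in self.bad_domains:
            reason = "known exploit domain"
        elif hidden:
            reason = "hidden frame to third party"
        if reason:
            self.findings.append({"tag": tag, "url": url, "reason": reason})

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self._check("script", a["src"])
        elif tag == "iframe" and a.get("src"):
            style = (a.get("style") or "").replace(" ", "").lower()
            hidden = (a.get("width") == "0" or a.get("height") == "0"
                      or "display:none" in style or "visibility:hidden" in style)
            self._check("iframe", a["src"], hidden=hidden)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands script bodies to handle_data as raw text.
        if self._in_script:
            for url in _REDIRECT_RE.findall(data):
                self._check("script-redirect", url)


def scan(html, site_host):
    """Return a list of findings for one page served from `site_host`."""
    p = InjectionScanner(site_host)
    p.feed(html)
    p.close()
    return p.findings


if __name__ == "__main__":
    for f in scan(SAMPLE_HTML, "www.example-shop.com"):
        print(f"{f['reason']}: <{f['tag']}> {f['url']}")
```

Run it over a crawl of your own pages (or a database dump of stored content, since mass injections often land in the CMS rather than in files on disk); any hit on a third-party host that you did not put there is worth treating as a compromise until proven otherwise.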