NEWS - April 01, 2010

Sexy romances distract hackers from data theft, Sophos research proves

From Graham Cluley's Blog:

You may already have read the press release about "Protection Through Distraction", but I wanted to ensure as many people heard about this as quickly as possible. I'm thrilled to report that Sophos is today revealing important new research into how companies can protect their most sensitive data - and asking the internet community to assist by writing romantic fiction!

Yes, I know it sounds crazy, but let me explain:

* The problem, and a novel solution
* Watch the video
* Competition: Help us by continuing our romantic story

The problem, and a novel solution

As you all know by now, companies around the world are worried about sensitive data being stolen from their networks.

So, how about hiding your most sensitive data amid non-sensitive information? Like a needle in a haystack.

Continued here: http://www.sophos.com/blogs/gc/g/2010/04/01/sexy-romances-distract-hackers-data-theft-sophos-research-proves/
Before Fire, Ukrainian Hosting Company Was Improving

A Ukrainian hosting provider struck by fire last weekend had been taking steps in recent months to cleanse its network of servers used by cybercriminals, according to a security expert.

Hosting.ua, based in Odessa, Ukraine, reportedly experienced a fire on March 27 that destroyed part of its infrastructure. The main Web page for the provider was still offline as of Wednesday, and efforts to reach officials there by e-mail and phone were unsuccessful.

Hosting.ua ranked fourth on a list of bad providers at the end of last year for hosting servers that supported spam, malware and other nefarious activity, according to a security researcher who uses the pseudonym Jart Armin. He edits the Web site HostExploit.com, which tracks how malicious software propagates across the Internet.

Continued here: http://news.yahoo.com/s/pcworld/20100331/tc_pcworld/beforefireukrainianhostingcompanywasimproving

SpyEye vs. ZeuS Rivalry

It's common for malware writers to taunt one another with petty insults nested within their respective creations. Competing crime groups also often seek to wrest infected machines from one another. A very public turf war between those responsible for maintaining the Netsky and Bagle worms back in 2005, for example, caused a substantial increase in the volume of threats generated by both gangs.

The latest rivalry appears to be budding between the authors of the Zeus Trojan, a crime kit used by a large number of cyber thieves, and "SpyEye," a relatively new kit on the block that is taking every opportunity to jeer at, undercut and otherwise siphon market share from the mighty Zeus.

Symantec alluded to this in a February blog post that highlighted a key selling point of the SpyEye crimeware kit: If the malware created with SpyEye lands on a computer that is already infected with Zeus, it will hijack and/or remove the Zeus infection.

Continued here: http://www.krebsonsecurity.com/2010/04/spyeye-vs-zeus-rivalry/

Separating April Fools' From Fraud on the Web

On the Internet, every day is April Fools' Day.

On this day, the holiest for online pranksters, today's headlines, R.S.S. feeds and tweet-streams will be flooded with fake press releases, fake news items and prank headlines.

Adding to the confusion, some companies will introduce products today whose press releases will be mistaken for jokes. When Gmail was announced April 1, 2004, many people thought the then unheard-of offer of one gigabyte of free e-mail storage could not be true.

But then, Google can only blame itself. The company is famous for April Fools' pranks like fictitious job openings for a research center on the moon, Google Gulp, a drink to make you smarter about making search inquiries and a broadband service called TiSP, or Toilet Internet Service Provider, that used wires strung through sewers. (Not a bad idea, really.)

Continued here: http://www.nytimes.com/2010/04/01/technology/personaltech/01basics.html

Many FakeAV Hoaxes for April Fool's Day

From the Bkis Security Blog:

April Fools' Day is the day of fun jokes or hoaxes on friends, family members and others who would enjoy instead of getting angry. However, computer users would hardly find it fun when fooled by FakeAV.

As per our research, many keywords related to April Fools' Day are BHSEO-ed and they would lead searchers to FakeAV. For example: "April Fools Day 2010", "April Fools Day Recipes", "April Fools Day History", "April Fools Day Origin", "April Fools Jokes Pranks", "April Fools Day Pranks For School", "April Fools Jokes For Kids", "April Fools Jokes For Teachers", "April Fools Jokes For Work"...

The number of April Fools' Day keywords exploited this time is particularly higher than other waves of BHSEO attacks, which shows hackers' greater interest in this event. [...]

Continued here: http://blog.bkis.com/en/many-fakeav-hoaxes-for-april-fools-day/

Interview with Charlie Miller

From the Securiteam Blogs:

For those of you who don't know who Charlie Miller is (really, you don't? Maybe it's time to get out from under the pile of paperwork for a change then.) He's the guy who's managed to pwn 3 Apple products at Pwn2Own over the last three consecutive years. I got to thinking recently, and the last person that I interviewed for the SecuriTeam Blogs was Fyodor, and that feels like a lifetime ago! So I dropped Charlie a line to see if he'd be up for it, and thankfully he was.

xyberpix: How and what got you started in vulnerability discovery?

0xcharlie: It was back at the NSA so I can't really talk about it. But I really like the concept of vulnerability analysis. It's slightly adversarial in nature. Smart people write software and I have to try to find mistakes that they've made.

Also, it appeals to me in the same way that collecting baseball cards does to people. I like having a bunch of bugs that only I know about. There is something intellectually satisfying about that.

xyberpix: What made you pick OS X as what seems to be your primary target?

Continued here: http://blogs.securiteam.com/index.php/archives/1352

When is a picture not worth 1000 words?

From the SophosLabs Blog:

When it is not actually a picture but an obfuscated malicious VB script!

That's the story with W32/VBSAuto-F, yet another autorun worm that sets a number of self-starting registry entries, spreads via USB drives, and downloads further malware. The worm embeds code in a JPEG comment field of an ambiguously named file "image.jpg" or "imwin.jpg".

Previewing such files as images remains innocuous, as picture viewers tend not to execute metadata by default. This is unfortunately not the case when the file is run through the VB script engine, which is happy to interpret the same JPEG comment 0xFFFE header bytes as indicating Little-Endian UTF-16 encoded data and execute the remaining portion of the file as code. [...]

Continued here: http://www.sophos.com/blogs/sophoslabs/?p=9244
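An added defensive check for the marker trick described above (not code from SophosLabs or the original post): it walks a JPEG's marker segments, pulls out every COM (0xFFFE) comment and reads it both as UTF-16LE, the way a script engine would after mistaking the marker for a byte-order mark, and as ASCII, flagging VBScript keywords. The two sample files and the keyword list are constructed assumptions, not the worm's real content.

```python
import re
import struct

# VBScript constructs that have no business inside an image comment (assumed list)
SCRIPT_MARKERS = re.compile(
    r"\b(CreateObject|WScript|ExecuteGlobal|RegWrite|MsgBox|Set\s+\w+\s*=)", re.I)

def jpeg_segments(data):
    """Yield (marker, payload) for each marker segment up to SOS or EOI.
    A file that opens straight with a COM marker (no SOI) is accepted too:
    that is exactly the layout a script engine mistakes for a UTF-16LE BOM."""
    pos = 2 if data[:2] == b"\xff\xd8" else 0   # SOI carries no length field
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xD9:                       # EOI
            return
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # includes itself
        yield marker, data[pos + 4:pos + 2 + length]
        if marker == 0xDA:                       # SOS: compressed scan follows
            return
        pos += 2 + length

def find_script_in_comments(data):
    """Return [(encoding, keyword)] for each COM segment whose text, read as
    UTF-16LE (the worm's trick) or as plain ASCII, looks like VBScript."""
    findings = []
    for marker, payload in jpeg_segments(data):
        if marker != 0xFE:                       # 0xFFFE = COM (comment) segment
            continue
        for enc in ("utf-16-le", "ascii"):
            match = SCRIPT_MARKERS.search(payload.decode(enc, errors="ignore"))
            if match:
                findings.append((enc, match.group(0)))
                break
    return findings

def com_segment(payload):
    """Build a COM segment: marker, 2-byte big-endian length (incl. itself), payload."""
    return b"\xff\xfe" + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples (no real image data): SOI, one comment, EOI.
CLEAN_JPEG = b"\xff\xd8" + com_segment(b"Created with a constructed camera") + b"\xff\xd9"
SUSPICIOUS_JPEG = (b"\xff\xd8"
                   + com_segment('MsgBox "constructed sample"'.encode("utf-16-le"))
                   + b"\xff\xd9")

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("suspicious", SUSPICIOUS_JPEG)):
        print(name, find_script_in_comments(blob) or "no script markers")
```

Only marker segments before the scan data are parsed, so a comment buried after SOS would need a full decoder; for the layout the article describes, the comment sits in the header.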

Conficker zombies celebrate 'activation' anniversary

"Anti-climactic Downadup gets one bump"

Thursday marks the first anniversary of the much hyped Conficker trigger date. Little of note happened on 1 April 2009 and machines infected by Conficker (aka Downadup) remain largely dormant, but an estimated 6.5 million Windows PCs remain infected with the threat.

These machines are "wide open to further attacks", net security firm Symantec warns.

The rascals behind the worm remain unknown and the purpose of the malware unclear. Some in the anti-virus industry, such as Raimund Genes, CTO of Trend Micro, reckon the malware was designed to distribute scareware (fake anti-virus scanners designed to nag victims into buying software of little or no utility, often on the basis of false warnings of Trojan infection).

Machines infected with the C variant of Conficker subsequently became infected with Spyware Protect 2009 (a scareware package) and the Waledac botnet client, a factor that supports this theory. Infected machines are closely monitored by law enforcement and by members of the Conficker Working Group, a factor that goes a long way towards explaining why crooks have not used the huge botnet under their control to send spam, launch a denial of service attack or any other form of high visibility attack.

Continued here: http://www.theregister.co.uk/2010/04/01/conficker_anniversary/

Adobe Discusses PDF Attack as Foxit Adds Warning

Foxit Software told eWEEK it plans to add a warning to protect users from a new attack vector involving PDF files that can impact users without a software vulnerability. Adobe, which already has a warning built in, said the issue is being discussed.

Foxit Software plans to follow Adobe Systems' lead and add a warning dialog box to give users a heads-up about a new tactic leveraging malicious PDF files to attack users.

The security issue was uncovered by Didier Stevens, an IT consultant with Contraste Europe, who discovered a way to get PDF viewers like Adobe Reader and Foxit Reader to execute embedded executables using a launch action triggered when the PDF file is opened.

Continued here: http://www.eweek.com/c/a/Security/Adobe-Discusses-PDF-Attack-as-Foxit-Adds-Warning-809457/

Also: Adobe, Foxit examine new no-bug-needed PDF hack

From (and about) Didier Stevens: PDF Arbitrary Code Execution - vulnerable by design.
