Hacker Attack

SC Threat Report - April 2008

2008-04-23T12:49:00.002-05:00

SC Magazine (http://scmagazineus.com) has a monthly ThreatReport feature which hilites hacker activity worldwide. Among this months items...

Quebec: Authorities nailed 17 hackers (aged 17 to 26) for compromising computers in more than 100 countries.
California: Hario Tandiwidjojo pleaded guilty to infiltrating about 60 computers inside business kiosks.
Sweden: hackers accessed the email accounts of 40 police officers then leaked much of the material they found to the general public.

2007-11-29T15:13:00.000-05:00

Here are the Top 10 spyware threats reported by Sunbelt Software for October 2007.

1. Trojan.FakeAlert                            

2. Trojan-Downloader.Zlob.Media-Codec          

3. Virtumonde                   

4. ClickSpring.PuritySCAN    

5. Trojan.NewMediaCodec                        

6. Trojan.Unclassified.gen          

7. Command Service                

8. ClickSpring.Oinadserver    

9. Trojan.Smitfraud               

10. WinAntiVirusPro

You can find the latest real-time list of these threats and how they present themselves at the Sunbelt Software site.

U.S. Remains the King of Spam

2007-10-29T08:07:00.000-05:00

It would appear that every nation on earth is fighting spam... except the United States, where relayed spam continues to grow quarterly.

These findings come from a recent report by international IT security firm, Sophos.

28% of all of the world's spam is relayed from US computers. That's five times the level of any other country on the globe.

By contrast, Canada, which has had an anti-spam action plan since 2004, has reduced it's contribution to the problem to a miniscule 0.8%.

For more information from the report, click here.

MP3 Spam

2007-10-22T10:29:00.000-05:00

From the Sophos' security reports...

In yet another pump-and-dump spam campaign designed to inflate share prices of a little-known company, spammers have targeted MP3 music files as the messenger. Files posing as tracks from stars like Elvis, Fergie and Carrie Underwood in reality contain a monotone voice encouraging people to buy shares. While spammers still have a lot to learn, organizations would benefit from blocking all MP3s in email as a precaution. Keep reading to learn more about the latest trends in spam and how to protect your business.

http://www.sophos.com/news/2007/10/stock-mp3.html

Threat report

2007-10-14T09:07:00.000-05:00

SC Magazine's Threat Report this month includes...

Canada plans to spend $3 million on a study of cybercrime. An initial $100,000 goes to the Canadian Association of Police Boards, who will examine the extent of online criminal activity and the feasibility of building a center to deter cybercrime.
Jacob Vincent Gree-Bressler of Tucson, AZ was sentenced to 84 months in prison for using stolen credit cards.
Afghanistan soldiers are now prohibited from using cell phones after Taliban Extremists used mobile hacking software to tap into British soldiers' mobile phones.

Find more details at the SC Magazine web site.

The Weakest Link in the Chain Can Be the User

2007-05-14T10:49:00.000-05:00

Jim Rapoza, a writer for eWeek magazine reminds us that Internet security problems often originate with the PC user. His article in the May 7, 2007 issue can be viewed as a slide show via this link.

There's nothing new for the IT security professional, but it doesn't hurt for computer users to scan through a brief refresher on how they are often making themselves vulnerable through carelessness.

InfoSecurity Canada Trade Show & Conference

2007-05-10T10:35:00.000-05:00

Those living near Toronto, Canada or who will be in that area mid-June may be interested in attending the InfoSecurity Canada Trade Shoe & Conference. It's being held June 13-14 at the Metro Toronto Convention Centre (with pre-conference tutorials on June 12).

Virtually all aspects of IT security will be covered. Pre-May 18 registration is FREE for access to the exhibit hall and Microsoft and Allstream tutorials.

Single day conference registration is $525 and access to the whole thing is $795.

More info at http://www.infosecuritycanada.com.

Malware on the Rise... China and US to Blame

2007-04-24T11:33:00.000-05:00

Apologies, if we seem to be over-using material from IT security firm, Sophos, but they really do have the best stuff most of the time. We have no formal or monetary connections with them. We just find a gold-mine of articles and stats at their site that are updated frequently.

Sophos is also much more international in its coverage and product distribution network, so we're not faced with articles and surveys that imply that no one lives outside the US borders.

The latest Q1 2007 Sophos research on malware shows a marked increase year-over-year for that quarter... roughly 24,000 new threats in Q1 2007 vs 9,500 in the same quarter of 2006.

The good news, though, is that the levels of infected email have fallen... 1 in 256 now vs 1 in 77 a year ago.

The source of malware hosting countries hasn't changed much. China hosts 41% and its partner in crime, the US, hosts 29%. No other country in the world comes close (#3 Russia is at 4.6% and all others are lower).

You Can Run, but You Can't Hide

2007-04-03T10:49:00.000-05:00

Like James Bond, with his license to kill, a lot of hackers feel that they are immune to the legal system if they feel that their cause is just. In the past we've commented on one just hacker who vigilante-style tracks down computers that have alleged child porn files on them.

We neither encourage nor condemn such behaviours... preferring to let the prevailing legal system decide.

Another form of "immunity" is hacking into computers in another country, on the assumption that the laws in one country won't affect someone in another country. But, then there's that magic word "extradition" that hackers are inclined to ignore. After all it takes deep pockets and significant cooperation between countries to pull that off.

All the same, Gary McKinnon, the alleged NASA Hacker, learned the hard way that the US could yank him out of his north London, England home and put him on trial on US soil.

Here's an excerpt from an article prepared my Internet security company, Sophos...

McKinnon, a self-confessed computer enthusiast from north London, was defending himself against the order in the UK Court of Appeal, after Home Secretary John Reid determined in 2006 that the extradition should go ahead. McKinnon will now be tried in the US against charges of breaking into and damaging US Government computers.

McKinnon is alleged to have hacked into computers belonging to the US Army, US Navy, US Air Force, Department of Defense and NASA. He claims that he broke into the networks only to uncover confidential information about anti-gravity propulsion systems and extraterrestrial technology which he believed the authorities were hiding from the public. He has led a high profile campaign to avoid extradition, supported by many other computer hackers.

"The US Government is taking a hard line towards cybercrime, and certainly won't tolerate anyone trying to compromise its own computers - McKinnon really should have considered this before he went UFO-hunting," said Graham Cluley, senior technology consultant at Sophos. "This decision will doubtless send shockwaves through the hacking community, but irrespective of McKinnon's motivations, computer hacking is illegal both in the UK and the US, and it's high time people started thinking twice before engaging in such activities."

McKinnon's beliefs in extraterrestrials suggests to us that therapy, not extradition is called for.

Aside from that, this is not a black-and-white issue. In 2006 Sophos polled polled over 500 IT professionals on this issue, and 52% felt that McKinnon should not be extradited. The community is clearly split on this issue. What do you think?

When is illegal hacking OK?

2007-02-26T09:53:00.000-05:00

International Internet security firm, Sophos, raises an interesting question in their latest newsletter... is illegal hacking ever justified?

They raise the example of a former California judge who was convicted of possessing child pornography and sentenced to 27 months in jail.

The key evidence in the conviction came from a Canadian hacker, Brad Willman, who infected the convicted man's PC with a Trojan horse, disguised as images of child abuse, on an internet newsgroup visited by pedophiles in 1999. The hacker (who used the handle Omni-Potent) broke into the PCs of those he infected, focusing on those he suspected of being involved in child abuse.

Sophos would like you to vote on whether this illegally obtained evidence was justified.

We'll be following the results of that poll, but would also welcome your comments here on the following two questions...

Should illegal evidence ever be permissible, no matter what the charge?
Should the hacker, Brad Willman, have been charged and potentially convicted for his crime of illegally infecting PCs connected to the net (ignoring cross-border legal issues)?

What's This? Hacker Drive-By's?

2007-02-15T15:04:00.000-05:00

Drive-by Web attack aimed at home routers

Too lazy to change default passwords? You'll pay.

Robert McMillan

February 15, 2007 (IDG News Service) -- If you haven't changed the default password on your home router, do so now.
That's what researchers at Symantec Corp. and Indiana University are saying, after publishing the results of tests that show how attackers could take over your home router using malicious JavaScript code.
For the attack to work, the bad guys would need a couple of things to go their way. First, the victim would have to visit a malicious Web site that served up the JavaScript. Second, the victim's router would have to still use the default password that it's pre-configured with it out of the box.
In tests, the researchers were able to do things like change firmware and redirect a D-Link Systems Inc. DI-524 wireless router to look up Web sites from a DNS (Domain Name System) server of their choosing. They describe these attacks in a paper (PDF format), authored by Sid Stamm and Markus Jakobsson of Indiana University, and Symantec's Zulfikar Ramzan.
"By visiting a malicious Web page, a person can inadvertently open up his router for attack," the researchers write. "A Web site can attack home routers from the inside and mount sophisticated... attacks that may result in denial of service, malware infection, or identity theft."

The paranoia continues...

2007-02-12T10:19:00.000-05:00

February 06, 2007 (Computerworld) -- SAN FRANCISCO -- An emerging breed of sophisticated malware is raising doubts about the ability of traditional signature-based security software to fend off new viruses and worms, according to experts at this week's RSA security conference here.

Signature-based technologies are now "crumbling under the pressure of the number of attacks from cybercriminals," said Art Coviello, president of RSA Inc., the security division of EMC Corp. This year alone, about 200,000 virus variants are expected to be released, he said. At the same time, antivirus companies are, on average, at least two months behind in tracking malware. And "static" intrusion-detection systems can intercept only about 70% of new threats.

Hackers Take Advantage of Weak Passwords

2007-02-07T15:00:00.000-05:00

... From Computerworld

February 06, 2007 -- Left online for 24 days to see how hackers would attack them, four Linux computers with weak passwords were hit by some 270,000 intrusion attempts -- about one attempt every 39 seconds, according to a study conducted by a researcher at the University of Maryland.

Among the key findings: Weak passwords really do make hackers' jobs much easier. The study also found that improved selection of usernames and associated passwords can make a big difference in whether attackers get into someone's computer.

What surprises me is that these were Linux computers.

Excel Too?

2007-02-06T13:11:00.000-05:00

From Computerworld, Feb 5 '07...

Over the past year hackers have increasingly focused on Office applications as a security hole and the attacks based on these flaws are often the same: Criminals send an e-mail that appears legitimate, and trick unsuspecting users into opening a maliciously encoded document. Once the document is opened, attackers are able to install unauthorized software on the victim's system.

Microsoft may not have time to patch the Excel flaw in time for its next set of security updates, expected Feb. 13, but, no doubt, it has other Office patches in the works. Over the past few months four similarly critical flaws have been reported in Microsoft Word. None of these has yet been patched.

Antivirus Software and Disk Defragmentation

2007-01-29T15:23:00.000-05:00

From Computerworld...

Want to speed up your antivirus scans? After years of anecdotal data from Diskeeper customers about the reduction in virus-scan times attributed to defragmentation, Diskeeper Corporation decided to investigate. They tested the four antivirus software packages that make up 90 percent of the market. After testing on different system configurations, they found major improvements in scan times—as high as 61 percent. Download this white paper and see how much faster your antivirus software should be running.
http://cwflyris.computerworld.com/t/1228467/50218600/49137/0/

US & China are biggest security threats worldwide

2007-01-24T11:37:00.000-05:00

TehranTimes.com reports that the United States and China host 2/3 of all spam, viruses and other computer security threats worldwide as of the end of 2006.

34.2% of malware originated in the US; 31% in China.

22% of spam originates in the US; 15.9% in China.

No other country houses even half the percentage of threats.

In case you question the source, the data were actually gathered by Sophos, a well-known and respected international threat management company.

Use the following link to download a recent white paper from Sophos on the outlook for 2007 security threats... Security Threat Report 2007.

Can it be that easy?

2007-01-23T15:55:00.000-05:00

Are you in the dark about how hackers work? To some extent we all are. This blog is intended to familiarize you with how hackers tap into corporate and personal computers, and what might be done to prevent such attacks. Our goal is certainly not to make you paranoid, but we don't think staying ignorant abut the issues is advisable either.

We try to keep it simple and current. We'll touch on hacker tactics, comment on major attacks and related newsworthy items, and pass along tips from the experts on "hacker-proofing" your computer or network.

To get things rolling, here's a link to a video from BBCWorld that demonstrates how easily it can be done in some instances.

If you have questions or comments on any of the material you find in this blog, be sure to use the Comments link under each posting.