Koobface gang refresh botnet to beat takedown
- By: dharp
- On: 03/11/2010 18:11:06
- In: Computer Security
Twitter scourge changes pants
Posted in Malware, 11th March 2010 16:32
Command and Control servers associated with the infamous Koobface worms have gone through a complete refresh over the last fortnight. Russian net security firm Kaspersky Lab reckons the change up might be aimed at making takedown efforts by cybercrime fighters more difficult.
Koobface spreads via messages on social networking sites such as Facebook and Twitter. The worm and compromised legitimate websites act as proxies for its main command and control servers. Infected machines are contaminated with other forms of malware, in particular scareware (rogue anti-virus), which is in general an easy and most profitable mechanism for cybercrooks to make money.
Intel hit by 'sophisticated' hack last month
- By: dharp
- On: 02/24/2010 15:33:47
- In: Computer Security
Et tu, Chipzilla?
By Dan Goodin in San Francisco
Posted in Security, 23rd February 2010 20:40
Researcher spies new Adobe code execution bug
- By: dharp
- On: 02/19/2010 12:37:18
- In: Computer Security
Download Manager + web flaw = threat
By Dan Goodin in San Francisco
Posted in Security, 18th February 2010 23:15
A researcher has unearthed a bug in software used to install Adobe's ubiquitous Reader and Flash applications that can be exploited to remotely install malicious files on end user PCs.
The Adobe Download Manager is an ActiveX script that is invoked when people install or update Reader or Flash using Internet Explorer. Researcher Aviv Raff has figured out how to exploit it to install any file he wishes simply by tricking a user into clicking on a link on the Adobe.com domain.
The attack combines a vulnerability on Adobe's website with a defect in the download manager. The result: he was able to install and execute his own instance of the Windows calculator on a Register test machine. Aviv demonstrated the exploit on the condition further technical details be withheld.
Undead botnets blamed for big rise in email malware
- By: dharp
- On: 02/18/2010 10:51:24
- In: Computer Security
Grave concern over reanimated cyber-corpses
By John Leyden
Posted in Malware, 17th February 2010 15:21
Malicious spam volumes increased dramatically in the back half of 2009, reaching three billion messages per day, compared to 600 million messages per day in the first half of 2009. But this is still a tiny fraction of the estimated global spam volume, thought to be about 200 billion messages per day.
A new report by net security firm M86 Security points the finger of blame for the torrent of malware, phishing and other scams (collectively defined as malicious spam) and junk mail more generally towards botnet networks of compromised machines. It reckons five botnets were responsible for 78 per cent of the malicious spam it fought in the second half of 2009.
Another NHS hospital stricken with Conficker virus
- By: dharp
- On: 02/18/2010 10:28:14
- In: Computer Security
Social healthcare disease
By John Leyden
Posted in Malware, 18th February 2010 15:05 GMT
Analysis: The infamous Conficker worm has infected yet another NHS facility.
Facebook pulls prisoner pages over taunts
- By: dharp
- On: 02/14/2010 12:09:30
- In: Computer Security
London, England (CNN) -- At least 30 pages have been deleted from social networking site Facebook after they were used by British prisoners to taunt their victims from behind bars, government officials said Thursday.
The move came following a request by UK Justice Secretary Jack Straw amid a crackdown on inmates using contraband cell phones or accomplices outside prison to access the Internet to intimidate.
Aussie anti-censor attacks strafe gov websites
- By: dharp
- On: 02/14/2010 01:00:11
- In: Computer Security
Operation Titstorm DDoS more of a bee sting
By John Leyden
Posted in Enterprise Security, 11th February 2010 14:07
The Anonymous denial of service campaign against Australian government websites on Wednesday in protest against mandatory net filtering plans was a relatively modest affair, but still managed to disrupt access to targeted websites.
Arbor Networks, which markets security technology that helps service providers to mitigate DDoS attacks, reports that the peak size of the attack against Australian government websites was a relatively low 16.84 Mbps. By comparison, one in five service providers reported botnet-fueled attacks in the 1-4 Gbps range last year, with the worst attack hitting 49 Gbps, according to an annual review by Arbor.
Conficker outbreak infects Leeds hospital servers
- By: dharp
- On: 02/10/2010 10:36:57
- In: Computer Security
Sicko
By John Leyden
Posted in Enterprise Security, 9th February 2010 00:25
Updated: Servers on the network of NHS Leeds were struck down by the Conficker worm late last week.
The malware infection struck on Friday and forced administrators to take a handful of infected servers offline, in phases, in order to apply deworming tools. Trust PCs were not infected by the attack, which a leaked memo (extract below) blamed on the connection of an infected laptop to the network.
IE Windows vuln coughs up local files
- By: dharp
- On: 01/29/2010 13:22:24
- In: Computer Security
One click bares entire C drive
By Dan Goodin in San Francisco
Posted in Security, 27th January 2010 21:53
If you use any version of Internet Explorer to surf Twitter or other Web 2.0 sites, Jorge Luis Alvarez Medina can probably read the entire contents of your primary hard drive.
The security consultant at Core Security said his attack works by clicking on a single link that exploits a chain of weaknesses in IE and Windows. Once an IE user visits the booby-trapped site, the webmaster has complete access to the machine's C drive, including files, authentication cookies - even empty hashes of passwords.
God help our smartphones, vicar prays
- By: dharp
- On: 01/12/2010 16:12:40
- In: Computer Security
Plow Monday plowed under
By Rik Myslewski in San Francisco
Posted in Odds and Sods, 12th January 2010 19:34
A London clergyman has brought a medieval ceremony of the Church of England into the 21st century by blessing his flock's smartphones, laptops, and iPods.
The Revd Canon David Parrott of The City's 17th-century St Lawrence Jewry church told The Times that he wanted to update the ancient tradition of Plow Monday, when farmers would bring their plows to church to be blessed on the first Monday after Twelfth Night.
