Security Weekly News 12 November 2010 – Full List

Category Index

Hacking Incidents / Cybercrime

Zombie text sending malware is racking up $300,000 in charges per day.
More than 1 million cell phone users in China have been infected with a virus that automatically sends text messages, and the attack is costing users a combined 2 million yuan ($300,000 U.S.) per day.
According to Shanghai Daily, 'the 'zombie' virus, hidden in a bogus antivirus application, can send the phone user's SIM card information to hackers, who then remotely control the phone to send URL links.'

Websense Security Labs™ ThreatSeeker™ Network has detected that the Hong Kong Website of human rights organization Amnesty International has been compromised by multiple exploits, including the most recent Microsoft Internet Explorer 0-day. In one attack, an iframe has been injected into the index page, resulting in a quiet redirection of any visitor to an exploit server controlled by the cyber criminals. Websense customers are protected from this exploit by our ACE real-time analytics.
The exploit server is hosted in the United States. It combines several recent vulnerabilities in Adobe Flash, Adobe Shockwave, Apple QuickTime, and Internet Explorer.
And that's not all
In a separate attack from the injected iframe just described, the Hong Kong Amnesty International Website has also been injected directly in one of its inner directories with code that exploits the latest 0-day vulnerability in Internet Explorer (CVE-2010-3962). This vulnerability was found only a few days ago and has not yet been patched.

The following web hacking incidents were added to WHID in the past week:
1. WHID 2010-216: DDoS: Myanmar attacks larger than those against Estonia and Georgia
2. WHID 2010-215: Hacker Claims Full Compromise of Royal Navy Website
3. WHID 2010-214: Attack cause Intuit Web-hosting service outage?
4. WHID 2010-213: Cops: Hacker Posted Stolen X-rated Pics on Facebook
5. WHID 2010-212: Cheapflights claims Twitter account hacked after X-Factor tirade

Twenty-two porn sites — some riddled with spam and relating to drunken prostitutes — were accessed from a computer rented to a businessman by a travel agent, a court heard yesterday.
A computer virus crippled the travel firm's entire IT system for several days in 2008, leaving the company unable to send emails to its customers.
The company, Neenan Travel Ltd of South Leinster Street, Dublin, sued travel agent Omar Bounazou of Grangebrook Vale, Rathfarnham, Dublin, for more than €7,000, which was the cost of restoring its system.
In turn, Mr Bounazou claimed he was owed air-travel rebates worth more than €17,000, which he said were not passed on to him by the travel firm.

WASHINGTON — Details about the Stuxnet worm, a highly-engineered piece of malicious software that targeted industrial control systems, have trickled out since it made international news earlier this fall. The sophistication of the malware combined with its ability to target the controllers that run power plants and other infrastructure facilities impressed many security experts.
At a small conference on cybersecurity sponsored by TechAmerica, Symantec's Brian Tillett put a number on the size of the team that built the virus. He said that traces of more than 30 programmers have been found in source code.

Facebook continues being a popular target for malware authors as we discover yet another family that uses this popular social network to propagate. The main component, which we detect as Trojan:Java/Boonana, is written in Java which gives it cross platform capability infecting Windows, Mac and Linux users.

The dossier contains documents such as a list of names, mobile phone numbers and email addresses of senior law enforcement officers
The Executive gives assurances that the safety of the trip is 'guaranteed' after changing the details that have been released
A citizen found in the street a portfolio of eleven sheets with allegedly confidential information about the police presence planned for the Pope's visit to Barcelona to consecrate the Holy Family church, as reported by the station Rac 1. The citizen found it on Tuesday night while walking a dog on the Via Augusta in Barcelona, between Travessera de Gracia and Antúnez Lluís street, in the heart of the city.
Sources of the Autonomous Police have said they will 'discuss and consider' the situation, and have traveled to the station to collect the documentation. The dossier contains documents such as a list of names, mobile phone numbers and email addresses of senior officers of the security forces, with the seal of the Ministry of Interior, which met Oct. 7 to discuss the organization Operations Coordination Center.

The Royal Navy's official website had to be shut down yesterday after it was infiltrated by a notorious hacker.
The internet rogue is said to have exposed worryingly lax security on the site.
Known only as TinKode, the Romania-based hacker claimed to have obtained an administrator username and password for the Ministry of Defence-run webpage. This potentially allowed access to highly-sensitive information on a database. The scare is a major embarrassment for the Government.

Authorities in the United States and Moldova apprehended at least eight individuals alleged to have helped launder cash for an international cyber crime gang that stole more than $70 million from small to mid-sized organizations in recent months.
In Wisconsin, police arrested two young men who were wanted as part of a crackdown in late September on money mules who were in the United States on J1 student visas. The men, both 21 years old, are thought to have helped transfer money overseas that was stolen from U.S. organizations with the help of malicious software planted by attackers in Eastern Europe.

A hacker at Washington State University gave students and information-technology staff members another reason to remember the Fifth of November this year.
Students and instructors arriving for class on Friday morning were greeted by a video message automatically beamed onto projector screens in more than two dozen classrooms. The message was delivered by a hacker dressed up as V, the Guy Fawkes-inspired anti-hero of the 2006 movie V for Vendetta. After hacking into the university's academic media system, which manages classroom-presentation and distance-learning technology, the as-of-yet-unidentified culprit or culprits programmed motorized screens to unfurl themselves and scheduled projectors to broadcast the five-minute-long video once every hour. The video, ostensibly a diatribe against campus squirrels and a call to end student apathy, interrupted lectures and cut off access for distance-learning students until the IT staff was able to shut down the program in the early afternoon.

Online Services Vulnerabilities

The Google Shop Online website sells products online, such as souvenirs.
"How do we keep your information secure?
The personal information that you provide to Google Store, including your credit card or other payment information, is maintained on secure servers and protected by industry-standard Secure Socket Layer encryption. When entering personal information, look for an icon at the bottom of your browser window that indicates you are on a secure page."

Unpatched Vulnerabilities

Adobe: hole closed, hole open
Keeping track of which versions of which Adobe products have how many holes is beginning to be difficult. Adobe has confirmed a further unpatched hole in Adobe Reader that can very likely be exploited to infect a PC. Apparently, a flawed JavaScript function (Doc.printSeps) is responsible for the critical hole. An exploit is already in circulation, but it only causes the application to crash.

A security expert working at Alert Logic has published a demonstration back door exploit for smartphones running Android. Criminals could use the principles of this exploit to gain control of a phone and install trojans. A potential victim need only visit a malicious web site for infection to occur.

In this article, I will discuss the security concerns I have regarding how URL Schemes are registered and invoked in iOS.
Now, let us assume the user has installed. Let us also assume that the user has launched Skype in the past and that application has cached the userʼs credentials (this is most often the case: users on mobile devices donʼt want to repeatedly enter their credentials so this is not an unfair assumption). Now, what do you think happens when a malicious site renders the following HTML?