CERT-In Monthly Security Bulletin August 2007
Cyber Intrusion Trends
In this month 37 security incidents were reported to CERT-In by various national and international agencies. As shown in the figure, 62% of the incidents reported in the month were phishing, 24% unauthorized scanning, 11% virus/worm incidents under the malicious code category and 3% fell in the "others" category. Compared with the previous month, the number of virus/worm incidents has increased.
During the month CERT-In tracked 4 C&C (Command & Control) servers and 4,934 bot-infected computers in India. The ISPs concerned were notified so that the bot-infected systems and C&C servers could be disinfected and the botnets mitigated.

Cyber Intrusion during August 2007

Indian Websites Defacement

In total 345 Indian websites were defaced during August 2007. A chart of defacements by top-level domain (TLD) is shown in the figure.

The vulnerabilities which might have been exploited for the defacements are:

1. PHP msql_connect() Buffer Overflow and PHP-Nuke Multiple Cross-Site Scripting (XSS) Vulnerabilities (CIAD-2007-43)

2. PHP Win32std Extension Local Buffer Overflow Vulnerability (CVE-2007-4441)

3. PHP 5.2.3 php_ntuser ntuser_getuserlist() Local Buffer Overflow Vulnerability (CVE-2007-4507)

4. Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability (CVE-2007-3384)

5. Multiple Vulnerabilities in Apache Tomcat (CIAD-2007-44)


Statistics of Defaced Indian Websites in August 2007

Open proxy servers

Any proxy server that does not restrict its client base to its own set of clients, but allows any other client to connect to it, is known as an open proxy server. An open proxy server will accept client connections from any IP address and make connections to any Internet resource on their behalf, which lets a third party relay spam, scans or attacks through it while hiding their own address.

CERT-In tracked 55 open proxy servers operating in India during August 2007. All the ISPs concerned were alerted immediately so that the open proxy servers could be shut down. A bar chart of open proxy servers tracked during this year is shown in the figure.

Statistics of Open Proxy Servers tracked during Jan - Aug 2007
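A minimal probe of the kind an ISP or CERT can run against a reported host, written here as an added example and not CERT-In's own tooling: it sends an absolute-URI GET for a canary URL through the suspect host and decides from the reply whether the host relayed the request to the outside. The canary URL, its marker string and the verdict labels are assumptions for this example; point CANARY_URL at a page you control whose body contains CANARY_MARKER.

```python
"""Probe host:port to see whether it behaves as an open HTTP proxy (added example)."""
import socket
from urllib.parse import urlsplit

# Assumption: the operator controls this URL and knows the string its body
# contains. A request for it relayed through the suspect host must come back
# carrying that marker for the host to count as an open proxy.
CANARY_URL = "http://canary.example.net/proxycheck"
CANARY_MARKER = b"proxy-canary-ok"


def build_probe_request(url: str) -> bytes:
    """Build an absolute-URI GET, which is the form a client sends to a forward proxy."""
    parts = urlsplit(url)
    return (
        f"GET {url} HTTP/1.1\r\n"
        f"Host: {parts.netloc}\r\n"
        "User-Agent: open-proxy-check/1.0\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def classify_response(raw: bytes, marker: bytes = CANARY_MARKER) -> str:
    """Map a raw HTTP reply to a verdict.

    'open'      - the host relayed the request: 200 and our canary body came back
    'refused'   - a proxy is listening but rejected us (403 Forbidden / 407 auth required)
    'not-proxy' - something spoke HTTP but did not act as a forward proxy
    'no-http'   - empty or non-HTTP reply (e.g. an SSH banner)
    """
    if not raw.startswith(b"HTTP/"):
        return "no-http"
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        status = int(head.split(b" ", 2)[1])
    except (IndexError, ValueError):
        return "no-http"
    if status == 200 and marker in body:
        return "open"
    if status in (403, 407):
        return "refused"
    return "not-proxy"


def check_open_proxy(host: str, port: int, timeout: float = 5.0) -> str:
    """Connect to host:port, relay the canary request and classify the answer."""
    request = build_probe_request(CANARY_URL)
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(request)
            while sum(len(c) for c in chunks) < 65536:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                chunks.append(chunk)
    except OSError:
        return "unreachable"
    return classify_response(b"".join(chunks))


if __name__ == "__main__":
    import sys
    host, port = sys.argv[1], int(sys.argv[2])
    print(host, port, check_open_proxy(host, port))
```

Run as `python check.py <host> <port>`. Two points matter in practice: only a 200 reply that carries your own marker proves relaying (a captive portal or intranet page also answers 200 to almost anything), and a 403 or 407 means a proxy is present but not open, which is the configuration the ISP should be asked to keep rather than shut down.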

Security Alerts

The critical and medium severity vulnerabilities in various operating systems, application software and network devices discovered during August 2007, together with their countermeasures and the widely spreading malicious code (viruses, worms and Trojans), are given below:

High Vulnerabilities

Microsoft
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Microsoft XML | Remote Code Execution Vulnerability in Microsoft XML Core Services | August 16, 2007 | CIVN-2007-102
Microsoft Windows | Microsoft Windows OLE Automation Remote Code Execution Vulnerability | August 16, 2007 | CIVN-2007-103
Microsoft Excel | Microsoft Excel Remote Code Execution Vulnerability | August 16, 2007 | CIVN-2007-104
Microsoft Internet Explorer | Microsoft Internet Explorer Multiple Vulnerabilities | August 16, 2007 | CIVN-2007-105
Microsoft | Microsoft GDI Remote Code Execution Vulnerability | August 16, 2007 | CIVN-2007-106
Microsoft Windows | Microsoft Windows Media Player Remote Code Execution Vulnerability | August 16, 2007 | CIVN-2007-107
Microsoft Windows | Microsoft Windows Vector Markup Language Remote Code Execution Vulnerability | August 16, 2007 | CIVN-2007-110
Microsoft | Microsoft DirectX Media SDK DXTLIPI.DLL FlashPix ActiveX Control Buffer Overflow Vulnerability | August 16, 2007 | CIVN-2007-111
Microsoft | Multiple Vulnerabilities in various components of Microsoft Windows, XML Core Services, Visual Basic, Microsoft Office for Mac, Internet Explorer, Windows Vista and Virtual PC/Virtual Server | August 16, 2007 | CIAD-2007-42

Unix
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Apache Tomcat | Apache Tomcat Error Message Reporting Cross Site Scripting Vulnerability | August 02, 2007 | CVE-2007-3384
Opera Web Browser | Opera JavaScript Invalid Pointer Vulnerability | August 15, 2007 | CVE-2007-4367
PHP | PHP msql_connect() Buffer Overflow and PHP-Nuke Multiple Cross-Site Scripting (XSS) Vulnerabilities | August 17, 2007 | CIAD-2007-43
Apache Tomcat | Multiple Vulnerabilities in Apache Tomcat | August 22, 2007 | CIAD-2007-44
PHP | PHP php_iisfunc.dll Buffer Overflow Vulnerability | August 29, 2007 | CVE-2007-4586

Cisco
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Cisco | Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager | August 14, 2007 | CIVN-2007-98
Cisco | Cisco IOS Next Hop Resolution Protocol Vulnerability | August 14, 2007 | CIVN-2007-99
Cisco | Cisco IOS Information Leakage Using IPv6 Routing Header | August 14, 2007 | CIVN-2007-100
Cisco | Cisco IOS Secure Copy Authorization Bypass Vulnerability | August 14, 2007 | CIVN-2007-101
Cisco | Multiple Vulnerabilities in Cisco IOS | August 14, 2007 | CIAD-2007-41
Cisco | SIP Vulnerability in the Cisco 7960 IP Phones | August 24, 2007 | CIVN-2007-113
Cisco | Local Privilege Escalation Vulnerabilities in Cisco VPN Client | August 24, 2007 | CIAD-2007-45

Miscellaneous
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
xpdf, gpdf, kpdf, CUPS | xpdf, gpdf, kpdf, CUPS, Poppler StreamPredictor::StreamPredictor() Integer Overflow Vulnerability | August 02, 2007 | CIVN-2007-93
Mozilla | Mozilla Products Privilege Escalation and Unescaped URI Handling Vulnerabilities | August 02, 2007 | CIAD-2007-40
IBM AIX | Multiple Buffer Overflow Vulnerabilities in IBM AIX | August 10, 2007 | CIVN-2007-95
Symantec | Symantec ActiveX Control Vulnerabilities | August 10, 2007 | CIVN-2007-96
OpenSSL | OpenSSL RSA Encryption Algorithm Implementation Vulnerability | August 10, 2007 | CIVN-2007-97
Trend Micro | Multiple Buffer Overflow Vulnerabilities in Trend Micro ServerProtect | August 24, 2007 | CIAD-2007-46
Medium Vulnerabilities

Microsoft
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Microsoft Windows Vista Gadgets | Multiple Vulnerabilities in Microsoft Windows Vista Gadgets | August 16, 2007 | CIVN-2007-108
Microsoft Windows | Microsoft Windows Virtual PC and Virtual Server Privilege Escalation Vulnerability | August 16, 2007 | CIVN-2007-109

Unix
Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information
Apache Tomcat | Apache Tomcat SendMailServlet Cross Site Scripting Vulnerability | August 06, 2007 | CIVN-2007-94
phpMyAdmin | phpMyAdmin Multiple Cross-Site Scripting Vulnerabilities | August 10, 2007 | CVE-2007-4306
Linux Kernel | Linux Kernel CIFS Secure Signing Vulnerability | August 17, 2007 | CIVN-2007-112
PHP | PHP Win32std Extension Local Buffer Overflow Vulnerability | August 22, 2007 | CVE-2007-4441
PHP | PHP 5.2.3 php_ntuser ntuser_getuserlist() Local Buffer Overflow Vulnerability | August 23, 2007 | CVE-2007-4507
Apache | Apache mod_proxy "date" Denial of Service Vulnerability | August 30, 2007 | CVE-2007-3847
Malicious Code Threats

W32.Mimbot
Type: Bot
Overview: The worm propagates by sending a zipped copy of itself, named PictureAlbum2007.zip, through MSN Instant Messenger with an attractive message that tricks the user into opening the attachment.
Aliases: W32.Mimbot [Symantec], W32/Delf-EXR [Sophos]
Discovery Date: August 17, 2007
References: http://www.cert-in.org.in/virus/W32_Mimbot.htm

Trojan.Randsom
Type: Trojan
Overview: This Trojan compromises the user's system and encrypts important data found on it. The perpetrators then demand a ransom to restore the data to its original form.
Aliases: TR/Gpcode.H (Avira)
Discovery Date: August 17, 2007
References: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-081705-2952-99

W32.Scrimge!gen
Type: Worm
Overview: This worm spreads through MSN Instant Messenger. It places itself in a zip file and sends that file to all contacts in the MSN Messenger contact list with attractive messages that entice the user to open it. Opening the zipped file compromises the system, which then opens a backdoor and connects to an IRC server to receive further commands from a remote attacker.
Aliases: W32/Generic.Delphi.a (McAfee)
Discovery Date: August 17, 2007
References: http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-081716-1758-99&tabid=2

Tspy_Mamaw
Type: Trojan
Overview: The Trojan compromises the Monster.com database and steals personal information from it, then sends the stolen information to a remote server for use in further malicious activity.
Aliases: No alias
Discovery Date: August 22, 2007
References: http://blog.trendmicro.com/here-there-be-28monsters29-trojans/

Storm Variants
Type: Worm
Overview: The Storm worm, also known as Zhelatin, started spreading in January 2007 through e-mail attachments with subject lines related to a European storm video.
Aliases: Trojan.Peacomm (Symantec), CME-711
Discovery Date: August 23, 2007
References: http://www.cert-in.org.in/currentacts/currentact07.htm#RPSW

Nuwar Variant
Type: Worm
Overview: It arrives in spammed e-mail messages containing a malicious link that poses as a YouTube video. When the user clicks the link, the browser is redirected to an IP address that serves HTML script tags instead of the YouTube video.
Aliases: WORM_ZHELATI.MAB
Discovery Date: August 29, 2007
References: http://blog.trendmicro.com/page/6/
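The Nuwar/Storm lure described above (and again in the "Storm Worm using YouTube" and "Latest Nuwar Spamming Uses YouTube Lure" items under Security News) is detectable from the mail body alone: the visible link text names youtube.com while the href goes to a bare IP address, or straight to video.exe. The following is an added example, not code from CERT-In or from any of the quoted sources. The three sample messages are constructed (192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges), and the heuristics (bare-IP hosts, executable suffixes, a text/href site mismatch on the last two DNS labels) are assumptions chosen to be simple enough to run over a mail spool.

```python
"""Flag HTML mail/IM lures whose visible link names one site but whose href goes elsewhere (added example)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# video.exe is the suffix from the lure on this page; the rest are the usual
# companions in mass-mailers (assumption, extend as needed).
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com", ".bat")
# Visible text that looks like a URL. Only http(s):// and www. forms count, so a
# plain attachment name such as "PictureAlbum2007.zip" is not mistaken for a site.
URL_IN_TEXT = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url):
    """Hostname of a URL, tolerating a missing scheme ("www.youtube.com/...")."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    return (parts.hostname or "").lower()


def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def site_key(host):
    """IP literals compare as-is; names compare on their last two labels (crude, but enough here)."""
    if is_ip_literal(host):
        return host
    return ".".join(host.split(".")[-2:])


def suspicious_links(html):
    """Return one finding per anchor that shows a Storm/Nuwar-style lure pattern."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        target_host = host_of(href)
        if is_ip_literal(target_host):
            reasons.append("href host is a bare IP address")
        if urlsplit(href).path.lower().endswith(EXECUTABLE_SUFFIXES):
            reasons.append("href points to an executable")
        shown = URL_IN_TEXT.search(text)
        if shown:
            shown_host = host_of(shown.group(0))
            if shown_host and site_key(shown_host) != site_key(target_host):
                reasons.append(f"text shows {shown_host} but href goes to {target_host}")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


# Constructed samples, not captured Storm mails.
LURE_MAIL = """<html><body><p>hey, check this out</p>
<a href="http://192.0.2.10/">http://www.youtube.com/watch?v=abc123</a></body></html>"""
LURE_DIRECT_EXE = '<a href="http://198.51.100.7/video.exe">Watch the video</a>'
BENIGN_MAIL = '<a href="http://www.youtube.com/watch?v=abc123">www.youtube.com/watch?v=abc123</a>'

if __name__ == "__main__":
    for name, sample in (("lure", LURE_MAIL), ("direct exe", LURE_DIRECT_EXE), ("benign", BENIGN_MAIL)):
        print(name, suspicious_links(sample))
```

The text/href comparison is the part worth keeping even after the IP and .exe tricks change: a mail whose anchor text is a youtube.com URL but whose href resolves to any other site is a lure regardless of what the landing page serves.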
Security News

DoS Attack Feared As Storm Worm Siege Escalates
[Source: www.informationweek.com]

August 2, 2007
As the Storm worm grows into a prolonged online siege 10 times larger than any other e-mail attack in the last two years -- amassing a botnet of nearly 2 million computers -- researchers worry about the damage hackers could wreak if they unleash a denial-of-service attack with it. Between July 16 and Aug. 1, researchers at software security firm Postini have recorded 415 million spam e-mails luring users to malicious Web sites, according to Adam Swidler, a senior manager with Postini. Before the Storm worm began its attack, an average day sees about 1 million virus-laden e-mails crossing the Internet. On July 19, Postini recorded 48.6 million and on July 24, researchers tracked 46.2 million malicious messages -- more than 99% of them are from the Storm worm.

Storm Botnet Behind Canadian DoS Attack
[Source: www.informationweek.com]

August 13, 2007
Researchers are blaming the virulent Storm worm for a widespread denial-of-service attack that hit Canadian Web sites over the weekend. The attack may have been unfocused and unsuccessful, but it could have been an early test of the denial-of-service power that the Storm worm botnet now holds. Johannes Ullrich, chief research officer at the SANS Institute and CTO for the Internet Storm Center, said in an interview that while sites in Canada were "pounded" over the weekend, he doesn't think it was a targeted denial-of-service attack. The attacks weren't aimed at any particular Web sites. It was just spread across a wide swath of the Internet.

Storm Worm using YouTube
[Source: www.f-secure.com]

August 26, 2007
The latest twist with the Storm Worm / Zhelatin e-mails is that the e-mails now contain fake links to YouTube. In reality, the link redirects to a Zhelatin distribution site. They've added a YouTube logo to the page and the link now points to video.exe. Otherwise it's the same old game.


Storm Worm of a thousand faces
[Source: www.theregister.com]

August 21, 2007
Authors of a particularly nasty piece of malware known as Storm Worm have yet again shifted their tactics. They are creating a flood of email hoaxes that try to install a bogus "applet" so victims can redeem membership benefits to clubs related to music, online dating and other interests. The new emails bear subject headings such as "User info," "Membership support" and "Login information," and contain purported login credentials for sites that offer the gamut of services tailored to online music aficionados, cat lovers and poker players, according to this post by F-Secure.


Universities warned of Storm Worm attacks
[Source:www.theregister.com]

August 17, 2007
Colleges and universities have come under attack by Storm Worm botnets following attempts to detect infections through vulnerability scanning, a response centre for academic networks stated last week. The Research and Education Networking Information Sharing and Analysis Centre (REN-ISAC) sent out the warning last Thursday following "numerous incidents" and advised school information technology managers to respond quickly to any infection on their networks.

Storm Worm Attack Shifts To Malicious Web Pages
[Source: www.informationweek.com]

August 09, 2007
Storm worm attacks have always come in the form of massive e-mail campaigns, but researchers have spotted the attackers creating malicious Web sites. The virulent Storm worm which has been hammering the Internet has changed tactics, opening up a new attack vector. Researchers at SecureWorks discovered late Wednesday that the Storm worm authors have taken their full attention off of e-mail-based attacks and have started creating malicious Web pages. E-mail-based attacks -- phony e-cards and fake news alerts -- have worked exceedingly well, helping the attackers build up a botnet at least 1.7 million strong, according to SecureWorks.

Spammers debut FDF spam
[Source:www.theregister.co.uk]

August 13, 2007
Spammers have begun experimenting with a new file format as part of their ongoing quest to slip their tiresome messages past junk mail filters. Following on from junk mail messages in the images of emails or in PDF attachments, users now have to contend with spam messages in the FDF (Forms Data Format). FDF files can be read by Acrobat or other PDF reader packages.

Latest Nuwar Spamming Uses YouTube Lure
[Source:www.avertlabs.com]

August 27, 2007
McAfee Avert Labs has observed a new trend in W32/Nuwar spamming over the weekend. The authors of this malware have resorted to spamming HTML formatted emails that pretend to be from a friend sending a link to a video from YouTube. A copy of the spammed email is as follows:


Old worm threat returns
[Source:www.techworld.com]

August 24, 2007
An old worm known as Slammer, which originated back in January 2003, is still going strong according to Gunter Ollmann, director of security strategy at IBM's Internet Security Systems (IBM ISS). Ollmann, the author of the white paper "Old threats never die," says that Slammer is still the threat most commonly encountered by IBM ISS. But it isn't just high-profile vulnerabilities and malware that are a problem, Ollmann said. In effect, the security industry is now witnessing a snowball effect, where threats are accumulating at an "exponential" rate, and it isn't really possible to eradicate any of those threats.

e-Passports get hacked in new security threat
[Source:www.money.cnn.com]

August 06, 2007
As the nation grapples with difficulties getting new passports, a technology researcher has found another problem with the radio frequency ID technology the new documents carry. Computer security expert Lukas Grunwald cloned and manipulated the content of an RFID passport, then used the hacked e-Passport to crash the machine needed to read it. Grunwald says that although the passport wasn't American the threat certainly extends to American passports, which use similar technology. RFID technology combines silicon chips with antennas to make data accessible via radio waves. It's already a $650 million industry, according to ABI Research, which expects the market to more than triple by 2011.

Monster data theft also hit U.S. job site
[Source: www.news.com.com]

August 31, 2007
The theft on the USAjobs.gov site, which has about 2 million users, was part of a hacking operation apparently run out of Ukraine that Monster disclosed last week, said Peter Graves, a spokesman for the U.S. Office of Personnel Management. Monster runs the site on behalf of the government. On Wednesday, the government temporarily restricted recruiters from accessing the database until Monster completes efforts to ensure its computer system is secure, Graves said. "We disabled it yesterday as an extra precaution on our part to best protect our users," he said by telephone late on Thursday.

German gov't PCs hacked, China offers to investigate
[Source: www.computerworld.com]

August 28, 2007
Chinese premier Wen Jiabao described reports of Chinese hackers breaking into German computers as a matter of "grave concern" and said Monday that his country will cooperate with Germany to resolve the matter. Jiabao's comments, made during a press conference with German Chancellor Angela Merkel in Beijing, were prompted by a report published two days earlier in the German news magazine Der Spiegel claiming that Chinese hackers had been able to infect German government computers with spyware. Merkel said that for Chinese relations with industrialized countries to move ahead, everyone needs to "respect a set of game rules" and "protect intellectual property rights."

Sony pleads innocent in latest rootkit fiasco
[Source:www.news.com.com]

August 31, 2007
Sony says the rootkit-like behavior of a device driver used to run its biometric Micro Vault USM-F thumb drive was unintentional. Sony Sweden spokesman Fredrik Fagerstedt told local press this week that sometimes even actions undertaken with "good will" can go wrong. Fagerstedt's comments came the same day that antivirus firm McAfee joined the growing chorus of companies criticizing Sony for compromising its customers' security. The Micro Vault drive is a USB device featuring fingerprint-reading software intended to add an extra layer of security for PC users. The software needed to be installed on the PC for the USB to work contains the rootkit technology.

NIST Draft Special Publication
[Source:www.csrc.nist.gov]

August 02, 2007
Draft Special Publication 800-111 Guide to Storage Encryption Technologies for End User Devices
Draft Special Publication 800-48 Revision 1 Wireless Network Security for IEEE 802.11a/b/g and Bluetooth


How to neutralize today's worst Web attacks
[Source:www.networkworld.com]

August 22, 2007
Symantec recently posted details about a new version of MPack, a for-sale Web attack kit that loads up a site with exploits against Windows, QuickTime, and WinZip. The $400 kit was used in the June Italian Job online assault that hijacked tens of thousands of Web sites, most of them in Italy. Crooks can buy MPack and a host of other nefarious programs on a thriving online black market. In its post, Symantec listed only which holes the new MPack version targets; I followed up with the company to get specifics and links to fixes.

300,000 malicious items approaching fast
[Source:www.avertlabs.com]

August 01, 2007
The new threat comes from a number of newly registered Web sites that pretend to represent Italian organizations, but are really just vehicles for using malicious IFrames to spread malware.The Italian job that last month saw more than 10,000 legit Web pages embedded with malicious IFrames has resurfaced, this time with even more international intrigue. Last month's threat pushed malicious HTML files onto Web pages of several Italian Web sites and infected Web surfers visiting those sites.
