Cyber Intrusion during December 2006
In total 430 Indian websites were defaced during December 06. Mostly the websites under .com domain were defaced by the hacker groups. A chart depicting Top Level Domain(TLD) wise defacements is shown in the figure.
The vulnerabilities which might have exploited for the defacements are:
PHPNews "link_temp.php" Cross-Site Scripting Vulnerabilities
December 04 , 2006
CVE-2006-6356
CVE-2006-6357
PHP "sscanf()" Format Specifier Handling Security Bypass and Code Execution Vulnerability
September 26, 2006
CIAD-2006-35
Statistics of Defaced Indian Websites in December 2006
Any proxy server that doesn't restrict its client base to its own set of clients and allows any other client to connect to it, is known as an open proxy server. An open proxy server will accept client connections from any IP address and make connections to any Internet resource.
CERT-In tracked 62 open proxy servers functioning in India during December 2006. All the concerned ISPs were alerted immediately to shut down the open proxy servers. A bar chart of open proxy servers tracked during this year is shown in the figure.
Statistics of Open Proxy Server tracked during 2006 (up to December)
CERT-In Participated in APCERT International Incident Handling Drill 2006
On 19 th December, 2006 Asia Pacific Computer Emergency Response Team (APCERT) conducted APCERT International Incident Handling Drill, 2006. This annual drill was aimed to test the timeliness and response capability of leading Computer Incident Response Teams (CSIRTs) from Asia Pacific region. This year, 15 security Teams from 13 economies ( Australia, Brunei, China, Hong Kong, India, Japan, Korea, New Zealand, Malaysia, Singapore, Thailand, Chinese Taipei and Vietnam) participated in the APCERT Drill 2006. CERT-In actively participated in the APCERT Drill, 2006.
[More]
The critical and medium vulnerabilities in various Operating Systems, Application software and Network devices discovered during December 2006 and their countermeasures alongwith wide-spreading malicious code like virus/ worm/Trojan are given below:
Microsoft Word Document Handling Memory Corruption and Code Execution Vulnerability
Microsoft Windows Media Player ASX Playlist Heap Overflow Vulnerability
Microsoft Internet Explorer Memory Corruption and TIF Folder Information Disclosure Vulnerabilites
Explorer, Outlook Express, Visual Studio and Windows Media Player
Vulnerabilities in Sun Java JRE
Linux Kernel "ip_summed" Memory Corruption Vulnerability
http://www.symantec.com/enterprise/security_response/writeup.jsp?
docid=2006-120812-1846-99&tabid=1
http://www.symantec.com/enterprise/security_response/writeup.jsp?
docid=2006-121314-2529-99&tabid=1
Cyber Crime Hits the Big Time in 2006
[Source: washingtonpost.com]
Computer security experts say 2006 saw an unprecedented spike in junk e-mail and sophisticated online attacks from increasingly organized cyber crooks. These attacks were made possible, in part, by a huge increase in the number of security holes identified in widely used software products.
Phishing 2006: The Year in Review
[Source: Symantec]
Now that we're near the end of the year, I thought I'd spend some time looking back at the phishing threat and reviewing some of the noteworthy trends. There are three high-level aspects that I'd like to touch upon:
1) The overall increase in phishing activity
2) New phishing attack vectors
3) New antiphishing techniques
MCAfee Avert Labs Unveils Predictions For Top Ten Security Threats In 2007 As Hacking Comes Of Age
[Source: MCAfee]
SANTA CLARA, Calif., November 29, 2006-McAfee, Inc. (NYSE: MFE) today announced its top ten predictions for security threats in 2007 from McAfee Avert Labs. According to McAfee Avert Labs data, with more than 217,000 various types of known threats and thousands more as yet unidentified, it is clear that malware is increasingly being released by professional and organized criminals.
In no particular order, McAfee Avert Labs' top 10 security threats for 2007 are:
- The number of password-stealing Web sites will increase using fake sign-in pages for popular online services such as eBay
- The volume of spam, particularly bandwidth-eating image spam, will continue to increase
- The popularity of video sharing on the Web makes it inevitable that hackers will target MPEG files as a means to distribute malicious code
Hackers target 4,000 Indian websites
[Source: First.org]
Even amid growing concern over cyber security, hacker groups defaced at least 340 Indian websites during November 2006, up from 244 sites targeted during last month. This takes the total number of Indian sites (government and non-government), that came under attack by hackers in the first nine months of the year, to over 4,000.
'Merry Christmas to our heroes' e-mail installs malicious code
[Source:Computerworld]
A popular Christmas PowerPoint file has been modified to incorporate malicious code that gives an attacker unauthorized access to infected systems, iDefense warned today.
In an e-mail warning, iDefense said that the e-mail with the subject "Merry Christmas to our hero sons and daughters!" and the attachment Christmas+Blessing-4.ppt "silently installs a backdoor Trojan horse on vulnerable computers." This version of the Hupigon (sometimes also called Hupigeon) Trojan installs two files on a compromised system, according to Ken Dunham, director of iDefense's Rapid Respones Team: msupdate.dll (18,507 bytes) and sdfsc.dll (3 bytes).
Ball drops on 'Happy New Year!' worm
[Source:
Computerworld]
VeriSign Inc. is warning of a new e-mail worm arriving in in-boxes with the subject "Happy New Year!"
The message, currently being spread from 160 e-mail domains, requires users to click on the attached "postcard.exe" file in order to cause damage. The file will install several different malicious code variants, including Tibs, Nwar, Banwarum and Glowa, on the computer. It then executes mass mailings from the infected computer.
First MMS exploit for phones has been released
[Source:First.org]
On late Friday the 29th of December, Collin Mulliner published proof-of-concept exploits of MMS vulnerabilities that he discovered six months ago. When Collin first discovered the vulnerabilities he informed the software vendors, but as he has not received a report within half-a-year, he decided to now publish the exploit at the 23rd Chaos Communication Congress in Berlin.
Phishers' Latest Platforms: VoIP, SMS
[Source:informationWeek]
Phishers have branched out beyond e-mail, a security researcher said, and are now exploring both VoIP and text messaging as attack avenues.
Voice over IP is attractive to identity fraudsters, said Zulfikar Ramzan of Symantec's Advanced Threat Research group, in a company blog entry Tuesday, because it's an affordable way to dial large numbers of phone numbers. Dubbed "vishing" for voice phishing, "such attacks can be conducted cheaply enough that phishers might see a sufficient return on their investment," Ramzan said. Phishers substitute phone numbers for URLs in traditional e-mailed come-ons or dial consumers directly, circumventing e-mail entirely.
Researchers developing tool to combat Internet auction fraud
[Source:smh.com.au]
Carnegie Mellon University researchers are relying on an old adage to develop anti-fraud software for Internet auction sites: It is not what you know, it is who you know.
At sites like eBay, users warn each other if they have a bad experience with a seller by rating their transactions. But the CMU
Financial services firms share security tactics
[Source:ComputerWorld]
Some of the top players in the financial services arena -- such as Visa U.S.A Inc., JPMorgan Chase & Co. and Experian International Ltd. -- are expanding their tactics for preventing customer data loss.
IT security managers convening at two interrelated conferences in New York this week said their firms are adopting both new network defenses and organizational structures to lower risk of a data breach.