CERT-In Monthly Security Bulletin February 2007
Cyber Intrusion Trends
In this month, 39 security incidents were reported to CERT-In by various national and international agencies. As shown in the figure, 64% of the incidents reported this month were phishing incidents, 18% were virus/worm incidents under the malicious code category and 18% were unauthorized scanning incidents. Compared with the previous month, the number of scanning and virus/worm incidents has increased while the number of phishing incidents has decreased.

Cyber Intrusion during February 2007

Indian Websites Defacement

In total, 858 Indian websites were defaced during February 2007. Most of the defaced websites were under the .com domain. A chart depicting defacements by Top Level Domain (TLD) is shown in the figure.

The vulnerabilities which might have been exploited for the defacements are:

1. Multiple vulnerabilities in PHP
   - CVE-2007-0762
   - CVE-2007-0906
   - CVE-2007-0907
   - CVE-2007-0908
   - CVE-2007-0909
   - CVE-2007-0910
   - CIAD-2007-09
   - CIAD-2007-07


Statistics of Defaced Indian Websites in February 2007

Open proxy servers

Any proxy server that does not restrict its client base to its own set of clients, and instead allows any other client to connect to it, is known as an open proxy server. An open proxy server will accept client connections from any IP address and make connections to any Internet resource on their behalf. Such servers are routinely abused to relay spam and attack traffic while hiding the originating address, which is why they are tracked and reported to the responsible ISPs.
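
As an added illustration (not from the bulletin), the Squid configuration fragment below shows the access-control setting that turns a caching proxy into an open proxy as defined above, followed by the corrected form that limits service to the operator's own clients. The client network 192.0.2.0/24 is an assumed placeholder.

```conf
# WEAK: any source address may connect and the proxy will forward to any
# destination. This is exactly the open proxy described above.
http_port 3128
http_access allow all

# CORRECTED: only the operator's own client range may use the proxy
# (192.0.2.0/24 is an assumed placeholder network); every other source
# is denied, and requests are limited to the usual web ports.
http_port 3128
acl localnet src 192.0.2.0/24
acl Safe_ports port 80 443
http_access deny !Safe_ports
http_access allow localnet
http_access deny all
```

The order of the http_access lines matters: Squid applies the first matching rule, so the final "deny all" must come last and no "allow all" may precede it.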

CERT-In tracked 76 open proxy servers functioning in India during February 2007. All the concerned ISPs were alerted immediately to shut down the open proxy servers. A bar chart of open proxy servers tracked during this year is shown in the figure.

Statistics of Open Proxy Servers tracked during May 2006 - Feb 2007

Security Alerts

The critical and medium vulnerabilities in various operating systems, application software and network devices discovered during February 2007, together with their countermeasures and widespread malicious code such as viruses, worms and Trojans, are given below:

High Vulnerabilities

Microsoft

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Microsoft Office | Microsoft Office Remote Code Execution Vulnerability | February 05, 2007 | CIVN-2007-09 |
| Microsoft Windows | Microsoft Windows HTML Help ActiveX Control Vulnerability | February 14, 2007 | CIVN-2007-15 |
| Microsoft PDF File | Microsoft Malware Protection Engine PDF File Parsing Vulnerability | February 14, 2007 | CIVN-2007-16 |
| Microsoft Office | Microsoft Office Malformed Record Vulnerabilities | February 14, 2007 | CIVN-2007-21 |
| Microsoft Internet Explorer | Microsoft Internet Explorer COM Object Instantiation and FTP Server Response Parsing Vulnerabilities | February 14, 2007 | CIVN-2007-22 |
| Microsoft | Multiple Vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Malware Protection Engine, Microsoft Data Access Components, HTML Help ActiveX Control and Microsoft Office | February 14, 2007 | CIAD-2007-08 |
| Microsoft Word | Microsoft Word Unspecified String Handling Memory Corruption Vulnerability | February 21, 2007 | CIVN-2007-27 |
Unix

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Sun Solaris | Sun Solaris Telnet Authentication Bypass Vulnerability | February 19, 2007 | CIVN-2007-23 |
| Wireshark | Wireshark Multiple Denial of Service Vulnerabilities | February 01, 2007 | CVE-2007-0456, CVE-2007-0457, CVE-2007-0458, CVE-2007-0459 |
| phpBB++ and Samba server | Multiple vulnerabilities have been reported in phpBB++ and Samba server | February 07, 2007 | CIAD-2007-07 |
| PHP and SpamAssassin | Multiple vulnerabilities in PHP and SpamAssassin | February 21, 2007 | CIAD-2007-09 |
Networking Devices

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Cisco | Cisco IOS IPS Multiple Vulnerabilities | February 19, 2007 | CIVN-2007-24 |
| Cisco | Multiple Vulnerabilities in Cisco Firewall Services Module (FWSM) | February 19, 2007 | CIVN-2007-25 |
Miscellaneous

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Trend Micro | Buffer Overflow Vulnerability in Trend Micro Scan Engine | February 09, 2007 | CIVN-2007-11 |
| Mozilla Firefox | Mozilla Firefox "locations.hostname" DOM Property Handling Vulnerability | February 19, 2007 | CIVN-2007-26 |
| Mozilla Products | Mozilla Products Multiple XSS, Spoofing and Remote Code Execution Vulnerabilities | February 27, 2007 | CIAD-2007-10 |
| KDE Konqueror | KDE Konqueror "parseSpecial()" and "parseComment()" Cross Site Scripting Issue | February 07, 2007 | CVE-2007-0537 |
| Trend Micro | Multiple Stack-based Buffer Overflow Vulnerabilities in Trend Micro ServerProtect | February 23, 2007 | CIVN-2007-29 |
Medium Vulnerabilities

Microsoft

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Microsoft Windows | Microsoft Windows Interactive Training Bookmark Link File Buffer Overflow Vulnerability | February 14, 2007 | CIVN-2007-12 |
| Windows Shell | Privilege Elevation Vulnerability in Windows Shell | February 14, 2007 | CIVN-2007-13 |
| Microsoft Windows | Microsoft Windows Image Acquisition (WIA) Service Local Privilege Escalation Vulnerability | February 14, 2007 | CIVN-2007-14 |
| Microsoft Windows | Microsoft Windows Workstation Service Memory Corruption Vulnerability | February 14, 2007 | CIVN-2007-17 |
| Microsoft Windows | Microsoft Windows Interactive Training Bookmark Link File Buffer Overflow Vulnerability | February 14, 2007 | CIVN-2007-18 |
| Microsoft Windows | Microsoft RichEdit OLE Dialog Memory Corruption Vulnerability | February 14, 2007 | CIVN-2007-19 |
| Microsoft Word | Microsoft Word Multiple Vulnerabilities | February 14, 2007 | CIVN-2007-20 |
| Microsoft Internet Explorer | Internet Explorer "onunload" Event Spoofing Vulnerability | February 25, 2007 | CIVN-2007-30 |
| Microsoft Windows | Microsoft Windows "ReadDirectoryChangesW()" Information Disclosure Vulnerability | February 25, 2007 | CIVN-2007-31 |
Unix

| Product | Title of Vulnerability | Discovery/Publish Date | CERT-In References & Patch Information |
|---|---|---|---|
| Sourcefire | Sourcefire Snort DCE/RPC Preprocessor Buffer Overflow Vulnerability | February 21, 2007 | CIVN-2007-28 |
| Mambo | Mambo Unspecified Content Edit Cancel SQL Injection | February 05, 2007 | CVE-2007-0374 |
| pam_ssh | pam_ssh "allow_blank_passphrase" Bypass Security Issue | February 08, 2007 | CVE-2007-0844 |
| Linux Kernel | Linux Kernel "key_alloc_serial()" Denial of Service | February 13, 2007 | CVE-2007-0006 |
| Linux Kernel | Linux Kernel NFSACL "ACCESS" Denial of Service | February 20, 2007 | CVE-2007-0772 |
| Sun Microsystems | Sun Microsystems Solaris ld.so Directory Traversal Vulnerability | February 06, 2007 | CIVN-2007-10 |

Malicious Code Threats

| Title of Malicious Code | Type | Overview | Aliases | Discovery Date | References |
|---|---|---|---|---|---|
| Nurech.A Worm | Worm | A mass-mailing worm using its own SMTP engine. The subject lines of the emails it sends contain strings with romantic-relationship-related words. | No alias | February 09, 2007 | http://www.cert-in.org.in/virus/Nurech_Worm.htm |
| W32.Rinbot.A | Worm | W32.Rinbot.A is a worm that opens a back door, connects to an IRC server, and awaits commands from an attacker. The worm spreads using known vulnerabilities. | No alias | February 16, 2007 | http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-021615-1555-99 |
| Solaris.Wanuk.Worm | Worm | A worm that spreads by exploiting the Sun Solaris Telnet Authentication Bypass Vulnerability described in CIVN-2007-23 and drops other malware. | ELF_WANUK.A [Trend Micro] | February 28, 2007 | http://www.symantec.com/enterprise/security_response/writeup.jsp?docid=2007-022810-3637-99 |
| File Infector FUJACKS | Virus | PE_FUJACKS is a multi-component, focused, web-based malware aimed at monetary gain. It arrives on the system while the user browses malicious websites or via download by other malware. | W32/Fujacks-J, W32/Fujacks.s, Win32/Emerleox.BM | February 28, 2007 | http://www.cert-in.org.in/virus/FileInfectorFUJACKS.htm |
Security News
Botnet attack hits Internet root servers
[Source: www.Techworld.com]

Online attackers have briefly disrupted service on at least two of the 13 "root" servers that are used to direct traffic on the Internet. The attack, which began Tuesday at about 5:30 a.m. Eastern time, was the most significant attack against the root servers since an October 2002 distributed denial of service (DDOS) attack, said Ben Petro, senior vice president of services with Internet service provider Neustar Inc. Root servers manage the Internet's Domain Name System (DNS), used to translate Web addresses such as Amazon.com into the numerical Internet Protocol addresses used by machines.

Hack lets intruders sneak into home routers
[Source: www.cnet.com]

If you haven't changed the default password on your home router, let this recent threat serve as a reminder. Attackers could change the configuration of home routers using JavaScript code, security researchers at Indiana University and Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday. The researchers found that it is possible to change the DNS, or Domain Name System, settings of a router if the owner uses a connected PC to view a Web page with the JavaScript code.

Viruses promise heartbreak on Valentine's Day
[Source: www.eweek.com]

Beware of e-mails bearing Valentine's Day greetings, or you may get a digital heartache. At least two romance-themed security threats are arriving in e-mail in-boxes on Wednesday, researchers have warned. One purports to be an electronic card from American Greetings and includes "Happy Valentine's Day!" in the subject line. When a recipient clicks on an in-message link to view the "card," however, a Trojan horse virus surreptitiously turns the computer into a spambot, or zombie, said Dmitri Alperovitch, a research scientist at Secure Computing.

Anatomy sheds new light on Storm Worm
[Source: www.theregister.com]

A deluge of Trojan-laced spam that slyly tricked recipients by promising information about winter storms ravaging Northern Europe last month was even more crafty than we thought.

Among the new revelations: The Storm Worm malware launched DDoS attacks on a host of websites related to spam, antispam and just about anything else that may have piqued the perpetrators' ire, according to Joe Stewart, senior security researcher for SecureWorks. It also appears to be a close descendant of worms that spread in November and December, a connection that few if any have made until now.

Spam uses John Howard heart attack as phishing bait
[Source: www.itwire.com.au]

Having seemingly exhausted the possibilities of sending phishing mails which use headlines stolen from the news, scammers have now come up with a new tactic: headlines that didn't even happen. Their first target: John Howard, who is claimed to be recovering from a heart attack in a new message now doing the rounds. "The Prime Minister of Australia, John Howard have survived a heart attack," the message ungrammatically claims, before adding that "the best surgeons of Australia are struggling for his life". The entirely fake message, dated February 18, also includes a large chunk of incomplete text apparently lifted from an online biography of Howard.

Trojan phishing attack claims multiple victims
[Source: www.theregister.com]

Security watchers have discovered a string of malicious websites that install Trojan code, allowing hackers to compromise end-user banking credentials for more than 50 financial institutions and ecommerce websites. Thousands of surfers a day are falling victim to the sophisticated attack, net security firm Websense warns. The websites are hosted in Germany, England, and Estonia, and use a round robin DNS, resolving to five unique IP addresses that change on each occasion.

'Pharming' attack hits 50 banks
[Source: Techworld]

An attack this week that targeted online customers of at least 50 financial institutions in the US, Europe and Asia-Pacific has been shut down, a security expert said Thursday. The attack was notable for the extra effort put into it by the hackers, who constructed a separate look-alike Web site for each financial institution they targeted, said Henry Gonzalez, senior security researcher for Websense.

Global Banks Suffer “Pharming” Attacks
[Source: www.siliconrepublic.com]

A global financial scam ring attacked more than 65 financial institutions and e-commerce corporations worldwide and stole personal information from these companies using a new hacking technology called “pharming.” Internet security experts and financial circles at home and abroad said yesterday that the hacking first took place in Australia on February 19 and rapidly spread throughout the world, using an average of over 1,000 internet users daily to access sites and steal internet banking IDs and passwords.

Websites wide open to attack
[Source: www.techcentral.ie]

Study finds average of 66 flaws in online apps for every website.

Seven out of every 10 websites contains a security vulnerability that could allow attackers to steal confidential information or cripple the website, according to a study by security vendor Acunetix. “The results show clearly that the problem of unsafe web applications is being ignored completely,” said Kevin Vella, a vice president with Acunetix.

Kernel-level malware on the rise
[Source: www.vnunet.com]

Online criminals are increasingly turning to kernel-level malware to attack systems, according to security researchers at F-Secure. Kernel-level malware acts inside the operating system's kernel, the component that links the system to the computer's hardware. Traditional malware acts like a regular application that runs on top of the operating system. Kimmo Kasslin, a security researcher at F-Secure, said in a study that this type of malware is "a scary thought".

New NIST documents released
[Source: www.isc.sans.org]

The NIST (National Institute of Standards and Technology) released yesterday 3 new documents:

1. SP 800-45 Version 2, Guidelines on Electronic Mail Security
2. SP 800-94, Guide to Intrusion Detection and Prevention Systems (IDPS)
3. SP 800-97, Establishing Wireless Robust Security Networks: A Guide to IEEE 802.11i

NIST releases info security documents
[Source: www.gcn.com]

The National Institute of Standards and Technology has published two new interagency reports designed to help auditors, inspectors general and senior management understand and evaluate information security programs.

NISTIR 7359, titled “Information Security Guide for Government Executives,” is an overview of IT security concepts that senior management should grasp. NISTIR 7358, titled “Program Review for Information Security Management Assistance (PRISMA),” lays out a standardized approach for measuring the maturity of an information security program.

Hacker faces jail for Trojan horse
[Source: www.vnunet.com]

A US man has pleaded guilty to charges of writing and distributing a Trojan horse designed to steal usernames and passwords. Richard C Honour, 31, faces a maximum five years in prison and a $250,000 fine after admitting releasing the malware.

The Trojan affected users of the DarkMyst IRC chatroom, which is popular with online gamers.

Using the name 'Fyle/Anatoly', Honour sent messages to other IRC users claiming to contain links to online movies.
