In this month 2 of Indian websites were compromised to spread malicious link. CERT-In alerted its constituents through the advisory CIAD-2007-14 for taking appropriate preventive steps.
Cyber Intrusion during March 2007
The vulnerabilities which might have been exploited for the defacements are:
- CERT-In Vulnerability Note CIVN-2007-34
Internet Explorer 7 navcancl.htm Cross-Site Scripting Vulnerability - CERT-In Vulnerability Note CIVN-2007-37
Cross Site Scripting Vulnerability in Oracle Application Server - CERT-In Vulnerability Note CIVN-2007-33
Linux kernel bufprint function buffer overflow vulnerability - CERT-In Vulnerability Note CIVN-2007-32
Apache Tomcat Mod_JK.SO Stack Overflow Vulnerability
Statistics of Defaced Indian Websites in March 2007
Any proxy server that doesn't restrict its client base to its own set of clients and allows any other client to connect to it, is known as an open proxy server. An open proxy server will accept client connections from any IP address and make connections to any Internet resource.
CERT-In tracked 109 open proxy servers functioning in India during March 2007. All the concerned ISPs were alerted immediately to shut down the open proxy servers. A bar chart of open proxy servers tracked during this year is shown in the figure.
Statistics of Open Proxy Servers tracked during June 2006 - March 2007
The critical and medium vulnerabilities in various Operating Systems, Application software and Network devices discovered during March 2007 and their countermeasures alongwith wide-spreading malicious code like virus/ worm/Trojan are given below:
Microsoft Windows Animated Cursor vulnerability
Linux Kernel DCCP Memory Disclosure Vulnerability
docid=2007-032316-0426-99
Gozi Trojan
It has been reported that a Trojan “GOZI” is spreading in the wild to steal SSL encrypted data. This Trojan spreads by exploiting recent vulnerabilities of Internet Explorer and uses the rootkit capabilities to hide itself.
docid=2007-032912-0728-99&tabid=2
TROJ_ANICMOO.AX
Phishing threats triple
[Source: www.techworld.com]
Online identity theft threats tripled in the first two months of 2007 as attackers shifted to simpler, more effective tactics, according to Cyveillance
The risk monitoring company compiled data from its internet sweeps to report that the average daily count of URLs hosting malicious downloads climbed to 60,000 in February, 200 percent over the December 2006 figure. A single-day spike mid-month came close to 140,000 such sites.
Blogger.com 'riddled' with malware
[Source: www.theregister.co.uk ]
Blogger.com, home of the weblog publishing system owned by Google, has been infiltrated by a number of phishing sites, security watchers report.
In some cases, the Stration mass mailer is being used to drive traffic to these fraudulent sites. One such scam is a "storefront" for Pharmacy Express, which redirects from a Blogspot.com (now Blogger.com) link. The site is designed to harvest the personal information of prospective marks. Study: Identity theft keeps climbing
[Source: www.news.com.com]
Gartner's study, released Tuesday, shows that from mid-2005 until mid-2006, about 15 million Americans were victims of fraud that stemmed from identity theft, an increase of more than 50 percent from the estimated 9.9 million in 2003.
It should be noted that the 2003 statistics and the mid-2006 statistics came from two different sources--and hence, two different statistical methodologies. The original 9.9 million figure came from the Federal Trade Commission, whereas the 15 million statistic is Gartner's own.
FBI: Internet crime pays
[Source: www.theregister.co.uk ]
Cyber-crime is alive and kicking in the USA , and playfully swimming through its riches like Scrooge McDuck in a money vault, the FBI's Internet Crime Complaint Center annual report reveals today. In 2006 US consumers filed 207,492 complaints about internet crime and reported record losses of $198.4m. Online auction fraud, such as receiving a different item than expected, topped the list, accounting for 44.9 per cent of complaints. Undelivered merchandise and payments were next in line, accounting for 19 per cent.
Most websites are open to attack
[Source: www.techworld.com]
Businesses leave themselves open to application-layer attacks because they don't understand their networks lack defences to deflect them. That's according to a study by Forrester Research, which found that "Most enterprises are not even aware that their traditional network firewalls cannot protect against these attacks". The report Web Application Firewall Forecast: 2007 to 2010 predicts that demand for web application firewalls (WAFs) will increase over the next three years, then drop.
Web attacks get personal
[Source:www.techworld.com]
Malware makers are increasingly tailoring their attacks to specific classes of victim, according to researchers with the Internet Security Systems' X-Force team at IBM. X-Force experts said that malware writers, phishers, and botnet herders are more frequently using so-called personalisation tools to make their attacks more effective. Much like the online marketing companies that gather information to target advertising at individual web users, criminals are scanning readily-available details about people's computers to more easily find victims.
Microsoft's search excels in spreading malware
[Source: www.theregister.co.uk ]
Everybody knows that Windows Live Search, Microsoft's little search engine that could, lags far behind Google and Yahoo! in the race to capture eyeballs. Here's one place where the software juggernaut's offering leads the pack: referrals for sites that actively try to infect end users' machines with some of the vilest malware known to man.