Weekly brief - October 5 2009

Deviousness
The Times of India reports that a senior military officer was socially engineered by a caller posing as a joint secretary in the defense ministry. The defense ministry and branches of the military had to issue a memo telling their staff not to talk to strangers.

Banking Trojans just keep getting smarter. The latest one calculates how much money to steal from online bank accounts to allay suspicion among victims and dodge antifraud systems, according to a report from anti-malware company Finjan. Criminals used the LuckySploit crimeware toolkit to install the URLZone Trojan, infecting around 7.5% of visitors. The Trojan also displayed false online bank statements to infected users to hide the amount of money that had been stolen.

SecureWorks says that the Monkif/DlKhora botnet is hiding its command and control instructions inside headers designed to fool systems into thinking that the command and control server is returning a JPG image. This does not appear to be steganography, as some outlets have reported, because the server makes no attempt to create an actual image, and the data would be interpreted as a malformed JPG if an image reader attempted to parse it.
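Because the payload would not parse as a real image, a structural check on anything claiming to be a JPG separates it from genuine images. The sketch below is an added example, not code from SecureWorks or this brief: the function names are hypothetical and both sample byte strings are constructed, not captured botnet traffic.

```python
import struct

SOI, EOI, SOS = 0xD8, 0xD9, 0xDA  # JPEG start-of-image, end-of-image, start-of-scan

def jpeg_structure_ok(data: bytes) -> bool:
    """Walk the marker segments: True only for SOI, valid segments, SOS, then EOI."""
    if data[:2] != b"\xff\xd8":
        return False
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            return False                      # every segment starts with 0xFF
        marker = data[pos + 1]
        if marker == 0xFF:                    # fill byte before a marker is legal
            pos += 1
            continue
        if marker in (0x00, SOI, EOI) or 0xD0 <= marker <= 0xD7:
            return False                      # not valid before the scan begins
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            return False                      # declared length overruns the body
        if marker == SOS:                     # scan data follows; EOI must close it
            return data.find(b"\xff\xd9", pos + 2 + length) != -1
        pos += 2 + length
    return False

def is_suspicious(content_type: str, body: bytes) -> bool:
    """Flag bodies that claim to be JPEG (by header or magic bytes) but do not parse."""
    mime = content_type.split(";")[0].strip().lower()
    claims = mime in ("image/jpeg", "image/jpg") or body[:2] == b"\xff\xd8"
    return claims and not jpeg_structure_ok(body)

def _seg(marker: int, payload: bytes) -> bytes:
    """Build one marker segment (length field counts itself plus the payload)."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed samples: a structurally complete JPEG skeleton, and a JPEG-looking
# header followed by opaque non-image bytes.
APP0 = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
GOOD = (b"\xff\xd8" + APP0 + _seg(0xDB, bytes(65)) + _seg(0xC0, bytes(15))
        + _seg(SOS, bytes(10)) + b"\x12\x34" + b"\xff\xd9")
FAKE = b"\xff\xd8" + APP0 + b"constructed-non-image-payload"

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("FAKE", FAKE)):
        print(name, "suspicious" if is_suspicious("image/jpeg", body) else "ok")
```

The check only validates structure, so it belongs alongside other signals such as destination reputation and request patterns, not in place of them.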

PandaLabs says that it has detected five million new strains of malware in the last three months. Most of them were banking Trojans, it says.

The search engine results poisoning trend continues, and it seems to be heavily linked to the distribution of rogue anti-virus software. Searches for news about last week's earthquake off the coast of Samoa turned up results that in some cases redirected users to other pages, according to F-Secure. Criminals are exploiting any popular trend, and have also targeted searches for Google Wave, the new communications service from the search giant, which offered a limited number of beta account invitations recently.

Defenses
The Mozilla Foundation has released an early version of the Firefox browser designed to combat cross-site scripting attacks. It uses a technology called Content Security Policy (CSP) to define a whitelist of trusted domains in the header of a webpage. Only scripts from these trusted domains run in the new browser.

Still, villains continue to innovate, finding new ways to exploit browsers. The team behind the Alpha Antivirus rogue AV tool uses a copied Firefox warning screen to dupe users into thinking that they have an infected machine.

The Federal Chief Information Officers Council recommends a risk-based decision-making process when choosing whether to permit the use of social media in federal departments and agencies. The recommendations were made in a new document called Guidelines for Secure Use of Social Media by Federal Departments and Agencies.

The Department of Homeland Security will hire up to 1000 cyber security experts over the next three years, say officials.

Oxygen Software has released version 2.4 of its Oxygen Forensic Suite. Included are a new file browser, along with e-mail extraction from Nokia's series 40 3rd edition devices.

Disappointments
Open source guru Richard Stallman has egg on his face, after admitting that he has no proof of a back door in Apple's OS X operating system. Nevertheless, the company has a history of making users install harmful software changes and misleading users about their purpose, he insists.

The Independent Oracle Users Group has found a 50% increase in data breaches since last year, and a third fewer resources being made available for data security compared to last year.

 
