...criminals are making use of the fact that Quicktime Player 7.6.6 allows movie files to trigger file downloads...the volume of reports picked up our ThreatSense.Net® telemetry suggests the likelihood of significant prevalence, though by no means an epidemic right now...
Archives - July 2010
Ron Bowes, an online security consultant had a thought which he put down on paper so that all the “ingenious” people might be informed. The first and last name (and similar lists) of 100 million users on Facebook is not a remarkable discovery. There is no delight in owning anything unshared. The information “exposed” is
I recently read a column on Chris Elliott’s travel site warning of a truly dishonest and despicable practice that Yahoo Travel and Travelocity are engaging in to attempt to trick people into buying trip insurance. When you go to these web sites and book a trip the screen shows you the price of the trip
My Spanish colleague Josep Albors has also commented on recent Facebook security issues. Mistakes in translation and interpretation are, as always, mine. The world's largest social network is a nearly inexhaustible news source: not only because it has reached 500 million users, or because it's the subject of a forthcoming film. It is also making
Despite all those people who honoured May 31st 2010 as Quit Facebook Day – well, 31,000 people, maybe not an enormous dent in the 500 million users Facebook recently claimed – Facebook marches on. Clearly they're doing something right. But what? It's probably not the personal charm of founder Mark Zuckerberg, who when he's not
Yesterday I blogged about a security company that found a high percentage of apps for the iPhone and for the Android were stealing user information. I call it stealing because the user is not aware of what personal data is leaving their phone. At the Blackhat Security Conference in Las Vegas the same company, Lookout
All this is potentially frightening and inconvenient (or worse) for a home user. And if it happens in a corporate environment, it can be very, very expensive to remedy. So while some of the public comments we see in the wake of such incidents may seem over the top, "FP rage" is certainly understandable.
Do you have an iPhone or an Android based phone? Wait, don’t tell me, if you installed some third party apps I can probably find out. According to Lookout Inc., in an article at http://news.yahoo.com/s/ap/20100728/ap_on_re_us/us_tec_techbit_apps_privacy many of the iPhone and Android apps include spyware. To be fair, Lookout Inc didn’t call it spyware, but that
Pierre-Marc and I reported a few days ago that we were seeing both new malware and older families starting to incorporate the same .LNK exploit used by Win32/Stuxnet. We also predicted that "...more malware operators will start using this exploit code in order to infect host systems and increase their revenues." Well, that was a pretty safe bet.
To being with, I was saddened to learn that Vern Buerg passed away in December 2009. Old timers will remember the name as his program LIST was one of the best shareware utilities in the history of DOS. Fast forward to 2010 and there’s a real need for a Windows Explorer replacement, at least until
We realize there have been a lot of articles in the blog now about the Win32/Stuxnet malware and its new vector for spreading, but when vulnerabilities emerge that can be widely exploited, it is important to share information so that people can protect themselves from the threat. Detection for Win32/Stuxnet and the shortcut (LNK) files
When you read about Stuxnet and that it used stolen digital certificates from Realtek and JMicron to sign the worm, you may have wondered what the significance of that is or why they did that. There are actually a couple of factors to consider. When you try to install certain types of software on Windows
These new families represent a major transition: Win32/Stuxnet demonstrates a number of novel and interesting features apart from the original 0-day LNK vulnerability, such as its association with the targeting of Siemens control software on SCADA sites and the use of stolen digital certificates, However, the new malware we're seeing is far less sophisticated, and suggests bottom feeders seizing on techniques developed by others. Peter Kosinar comments:
Perhaps you're getting as tired of this thing as I am (though with the information still coming in, I'm not going to be finished with this issue for a good while, I suspect). But without wishing to hype, I figure it's worth adding links to some further resources. There's a very useful comment by Jake
Kim Zetter’s article for Wired tells us that “SCADA System’s Hard-Coded Password Circulated Online for Years” – see the article at http://www.wired.com/threatlevel/2010/07/siemens-scada/#ixzz0uFbTTpM0 for a classic description of how a password can have little or no value as a security measure. Zetter quotes Lenny Zeltser of SANS as saying that ““…anti-virus tools’ ability to detect generic versions of
I've been banging on various forums for a while about the misuse of the ESET brand (among others) by fake support centres cold-calling victims and telling them they have "a virus" and charging them hefty fees to fix the "problem."
As I mentioned in a previous blog, Wired Magazine reported it would take a Nation State to pull off a takedown of the electric grid. Actually, Mother Nature, back hoes, and potentially a worm have had major impacts in the past, but the recent use of the LNK file vulnerability shows it doesn’t take the
On July 17th, ESET identified a new malicious file related to the Win32/Stuxnet worm. This new driver is a significant discovery because the file was signed with a certificate from a company called "JMicron Technology Corp". This is different from the previous drivers which were signed with the certificate from Realtek Semiconductor Corp. It is
Our colleagues in Bratislava have issued a press release which focuses on the clustering of reports from the US and Iran, and also quotes Randy Abrams, whose follow-up blog also discusses the SCADA-related malware issue at length. The Internet Storm Center has, unusually, raised its Infocon level to yellow in order to raise awareness of
The hot news http://blog.eset.com/2010/07/17/windows-shellshocked-or-why-win32stuxnet-sux is of a zero-day vulnerability that has been used to attack SCADA systems. This comes hot on the heels of an article on the Wired web site titled “Hacking the Electric Grid – You and What Army” http://www.wired.com/dangerroom/2010/07/hacking-the-electric-grid-you-and-what-army/. So clearly Wired had already predicted the origins, at least vaguely, of Win32/Stuxnet.