Adobe Reader has been patched (won’t be the last time) and you need to make sure you update it. This patch fixes 8 security vulnerabilities. We preach patching here. If there is a security patch for any software you use, you need to update it. The bad guys out there will take advantage of you not patching your software. The bad guys always will have an advantage when they exploit 0day vulnerabilities (no patch available), so when you have an opportunity to fix problems, then do it. Patch, patch, patch!

Stay safe and have a great Tuesday!

Yep, you are reading that headline right. Yet another code injection attack that is new. Just prior to writing this post, it showed 855,000 pages infected with some malicious (BAD!!) code that was injected into legitimate sites. NoScript is one defense, since this code is hosted on another domain.

The attack that I wrote about that started last week just hasn’t really taken off. Doing a Google search shows 25,500 pages that were affected by this one. It is early in the game for both of these attacks so more details will come out later. I’ll do more checking on the current attacks to see where those bad sites are being hosted.

The two sites in this new attack are listed below.  I’ve altered the URL.  My advice is NOT to go to either of these sites.

hxxp://free.hostpinoy.info/f.js
hxxp://xprmn4u.info/f.js

Stay safe and HAPPY MOTHER’S DAY!!!

Well, it doesn’t appear that this attack is spreading. I just did a Google search on one of the redirect domains and it showed only 14,000 pages. Not as efficient as the last one that blasted several hundred thousand pages. I still see some of the same names on this list, and it seems to be the smaller organizations, who probably don’t have full-time staff to work on them and may not even know their sites have been compromised. Here is a short list of a few of the domains that still are making an appearance in Google. Remember that they may have been cleaned and Google hasn’t caught up with their spiders.

hxxp://www.wiredseniors.com

hxxp://www.moviesunlimited.com

hxxp://www.seniorstravelguide.com

hxxp://www.cancerissues.com

hxxp://www.reducecholesterol.org

hxxp://www.coloradowheelchairsports.org

hxxp://www.peta.org    (All you PETA freaks can still go there though.  Happy Surfing.  All my friends stay clear)

hxxp://www.seniorshomeexchange.com

hxxp://www.adhdissues.com

hxxp://www.goodtime-tickets.com

hxxp://www.matcmadison.edu

hxxp://www.coolbuddy.com

I’ll give an update on this if things pick up. If you want to see the number of sites infected, Google winzipices.cn and you’ll get a pretty long list. Stay away unless you want your PC compromised. Stay safe and take care.

I don’t have a lot of information at this time other than it appears that there is another SQL injection attack similar to the attacks we’ve seen, where legitimate sites are redirecting to sites in China that are then launching different attacks that can compromise a machine. It may take a few days, but there will be more information coming out about the details of this attack; at this time, there isn’t a lot out there. If you want to read more, you can go to the Internet Storm Center page and read what they know.

As more information becomes available, I’ll post another story. Take care and have a safe week!

Stories last week came out that the folks in Redwood had a closed door meeting with law enforcement. Here is an excerpt about this story.

Botnet fighters have another tool in their arsenal, thanks to the folks at Microsoft. The software vendor is giving law enforcers access to a special tool that keeps tabs on botnets, using data compiled from the 450 million computer users who have installed the Malicious Software Removal tool that ships with Windows. Although Microsoft is reluctant to give out details on its botnet buster — the company said that even revealing its name could give cyber criminals a clue on how to thwart it.

Microsoft company executives discussed it at a closed door conference held for law enforcement professionals Monday. The tool includes data and software that helps law enforcers get a better picture of the data being provided by Microsoft’s users, said Tim Cranton, associate general counsel with Microsoft’s World Wide Internet Safety Programs. “I think of it … as botnet intelligence,” he said.

Kind of cool, I thought. But it makes one wonder how much information Microsoft is keeping on its customers, which are the majority of the folks online.

Stay safe and have a great week!!

Last week, the security researchers at GNUCitizen reported another vulnerability in Apple’s QuickTime. It has been reported to Apple and soon we’ll see another security patch from the folks at Apple. This is just a lesson learned. Software like QuickTime, RealPlayer, Windows Media Player, WinZip, Adobe Reader, instant messaging applications like AOL’s AIM, Yahoo Messenger, Google Talk, etc. Think of all the software you use online. How many of those applications have an automated update process for security patches? This is one area Microsoft has actually gotten good at. Apple too has an automated process. More and more, applications are becoming more automated.

It may be a good practice for you to find the way you can check software that you use for updates.  They all have them.  Some have them under the Help in the top part of the window of the application.

Have a safe weekend!

With the news of over 500,000 web pages this past week. If you are a reader of my blog, you’ve heard me suggest that you use an alternative browser like FireFox. Not that FireFox is ‘safe’, because all software written has vulnerabilities. That is a fact. But you can combat these types of attacks by using FireFox and then installing the add-on called NoScript. After installing this, you will control what scripting gets executed. These attacks are always pointing at bad places such as servers hosted in our friendly nation of China. If you were to go to a site that was hacked, you would have seen this script and those funny host names mentioned in my previous post.

Make the switch if you haven’t already.  FireFox has great features and using some of these add ons will actually protect you from these JavaScript injection attacks.  Take care and have a safe week!

Well, this past week saw another large-scale hacking of legitimate sites, including some belonging to the UN, the UK government, .edu sites, and many travel sites, to name just a few. The hack includes a redirect that pointed visitors of the exploited sites to some servers in China and ran 8 exploits, including MS07-004 for IE. This has now become a more common exploit that attacks trusted sites so that it can then direct visitors to the criminal attackers’ bad websites. The two sites it pointed to were IPs that belonged to China. Surprise!

Just do a Google search with these sites and you will see how widespread the problem is. Search on these but don’t go to any of these sites: nihaorr1.com and haoliuliang.net.

The lessons learned here are these. No longer can we say there is something called trusted sites. I use the Firefox browser and use an add-on called “NoScript”. Check it out. It allows you to control what JavaScript runs and what doesn’t. And of course patching is VERY important. Patch your Microsoft software, your Firefox browser, QuickTime, iTunes, RealPlayer, WinZip, Adobe Reader, Adobe Flash, and any other software that you use. Here are the facts. Due to crappy programming, the Computer Security field is going strong. This is the core problem. Not any easy answers here to solve, but you can do the things mentioned above.

Stay safe out there and I’ll be posting another story later this weekend.  I’ve been busy and haven’t had too much time.  We have been tracking this particular story where I work and I wanted to pass this along to you also.  Rock Chalk Jayhawk GO KU!!!  And remember, North Carolina Tarheel fans don’t have to listen to any of my advice.

A common question I ask when giving presentations on computer security is how many people have changed the password for their personal e-mail accounts in the past year. In the corporate world, you can control how often a user has to change their corporate password at work. Most answers I get back to the question about the personal password on their e-mail accounts are that they never have, or maybe one time they did a couple of years ago.

Now let’s think about an attacker who compromises your home PC. He has a keylogger (a program that records a user’s keystrokes and sends them back to an attacker’s evil server) and they have recorded you typing your personal e-mail account. OK, now let’s think. If you happen to bank at a large national bank, you have a PayPal account, you have an eBay account and many other common online accounts that a criminal attacker might be able to take over for his nefarious activities. Do you have user names and passwords that are common to your personal e-mail account? Am I making you think about changing your password and using different user names and passwords for other accounts? Hopefully so.

Lesson learned here is to change your password and don’t share user names and passwords with other financial accounts that you might have. Think about using a strong password by using upper, lower, numbers and special characters. Use a password that is actually longer than 8 positions. Use something like a pass phrase that will be easier for you to remember.

Hope everyone’s weekend is going great and stay safe out there.

The National Cyber Security Alliance (NCSA) announced study findings that 71 percent of consumers lack knowledge of cyber criminals’ weapon of choice and the Internet’s fastest growing threat — botnets. This is sadly telling a story that I and many other computer security professionals already know. Botnets are comprised mostly of consumers’ computers and are increasingly being used to perpetrate identity theft and spread viruses.
“Last June, the FBI identified more than one million computers infected with malware which could have been hijacked and used as part of an army of bots to attack other computers, spread malware, or attack our nation’s infrastructure,” said Ron Teixeira, executive director of the NCSA. These results were announced at the RSA conference last week. “Botnets continue to be an increasing threat to consumers and homeland security. Consumers’ unsecured computers play a major role in helping cyber criminals conduct cyber crimes not only on the victim’s computer, but also against others connected to the Internet.”
The study also shows that Americans are largely unaware their computer’s security plays a role in our nation’s security and preventing online crime. The scary thing is a majority of respondents think it is not likely their computer could affect homeland security while only 51 percent think it is possible for a hacker to use their computer to launch cyber attacks.
“It is alarming that consumers do not know how to secure their computers,” said Teixeira. “It is important for consumers to understand that safe cyber security practices not only protect them from identity theft, but also prevent cyber crime and attacks. By taking simple steps, consumers can protect themselves from cyber crimes and join our effort to protect other Internet users.”

Additional findings from the study* include:
— 71 percent have never heard the phrase “botnet” — the weapon of choice for cyber criminals
— 59 percent think it is not likely their computer could affect homeland security
— 47 percent believe it is not possible for a hacker to use your computer to launch cyber attacks or crimes against other people, businesses and our nation
— 51 percent have not changed their password in the past year
— 48 percent do not know how to protect themselves from cyber criminals
— 46 percent of consumers are not sure of what to do if they became a victim of a cyber crime.

I say this to you… your biggest weapon against the criminal attackers is knowledge. Educate yourself on the steps you can take to secure your PC at home.

Congrats to my Kansas University Jayhawks for winning the NCAA National Championship. Gotta love those Hawks! As we like to say around this part of the country, Rock Chalk Jayhawk. GO KU!!! Have a safe week.
