Honeynet Project Launches ‘Ghost’ To Snare USB Malware

The Honeynet Project launched a new project Thursday that is designed to snare malware that spreads by infecting removable USB (universal serial bus) storage drives, citing the increased reliance of malicious programs on portable drives to move from computer to computer.

Attacks Targeting US Defense Contractors and Universities Tied to China

UPDATE: Researchers have identified an ongoing series of attacks, possibly emanating from China, that are targeting a number of high-profile organizations, including SCADA security companies, universities and defense contractors. The attacks are using highly customized malicious files to entice targeted users into opening them and starting the compromise.

Claims surfaced earlier this week that the French security firm VUPEN, which is known for selling zero-day vulnerabilities to third parties, had been compromised and more than 100 of the company’s secret bugs had been leaked. However, VUPEN’s CEO said that the claims were totally false and there was no hack, let alone a leak of the company’s vulnerability inventory.

The past week has brought to light more revelations about the mysterious Flame (or sKyWIper) worm that was first identified at the end of May. Among them: the eye-popping admission from Microsoft that the malware’s authors found a way to use that company’s Windows Update feature to distribute the malware.

The details of the collision attack used by the Flame malware authors to create a forged code-signing certificate for Microsoft code are beginning to emerge, and the company said that the attackers used an MD5 hash collision specifically to ensure that their attack would work on machines running Windows Vista and later versions of the OS. Microsoft also said that it will roll out some hardening changes to its Windows Update infrastructure to prevent the kind of man-in-the-middle attack that Flame used.
