From Wired.com (David Kravets)
A Swedish man has been indicted for attacks against NASA’s Ames Research Center and Cisco several years ago that netted the source code to Cisco’s IOS operating system, among other spoils. Wired’s Threat Level is reporting that Phillip Gabriel Pettersson was indicted for the attacks on Monday in California, but likely never will be prosecuted in the U.S.
Browsing Category: Malware
From Wired.com (David Kravets)
From Computerworld (Gregg Keizer)
Pirated copies of Windows 7 Release Candidate (RC) on file-sharing sites contain malware, according to users who have downloaded the upgrade.
Some of the pirated builds include a Trojan horse, numerous users said in message forums and in comments on BitTorrent sites such as Mininova.org. Read the full story [computerworld.com]
From Mercury News (Elise Ackerman)
A computer worm that has alarmed security experts around the world has crawled into hundreds of medical devices at dozens of hospitals in the United States and other countries, according to technologists monitoring the threat.
Around March 24, researchers monitoring the worm noticed that an imaging machine used to review high-resolution images was reaching out over the Internet to get instructions — presumably from the programmers who created Conficker.
James Butler and Peter Silberman of MANDIANT with Threatpost’s Robert Vamosi about malware and their new memory forensic software, Memoryze.
The Canadian House of Commons is considering bill C-27 [gc.ca], the Electronic Commerce Protection Act. In addition to providing civil penalties for unsolicited commercial e-mail (spam) and the unauthorized interception of e-mail (man in the middle attacks), it provides for similar penalties for the unauthorized installation of software.
The specifics of the software installation section of the bill are interesting. Read the full story [stopbadware.org]
In direct response to Conficker and an increased wave of malware attacks targeting the Windows AutoRun feature, Microsoft today announced significant changes to the way the operating system operates when USB drives are used.
The changes, detailed on Redmond’s Security Research & Defense blog, have been built into Windows 7 will be back-ported to Windows Vista and Windows XP in the near future. Read the full story [zdnet.com] Also see the Microsoft SR&D blog [technet.com]
The cooperative effort of ISPs, security vendors, volunteer groups and other interested parties has helped develop a quick and efficient method for taking down phishing sites, usually within hours or days of their appearance. However, many phishing sites that have been up for a week or more still send out quite a lot of spam and also draw in new phishing victims, according to a new paper by researchers at the University of Cambridge.
Security researchers are starting to sound the alarm [avertlabs.com] for e-mail scams related to news stories on the Swine Flu.
According to a notice from US-CERT, the attacks arrive via an unsolicited email message typically containing a subject line related to the Swine Flu. These email messages may contain a link or an attachment. If users click on this link or open the attachment, they may be directed to a phishing website or exposed to malicious code. Read the full advisory [us-cert.gov] for protection advice.
From ZDNet (Dancho Danchev)
In a recent blog post, the Cyber Secure Institute claims that based on their previous studies into the average cost of suck malware attacks, the economic loss due to the Conficker worm could be as high as $9.1 billion.
Despite that their analysis also considered a much limited infection rate (200,000 infected hosts), they claim that the cost of the virus in this case is still around $200 million. Read the full story [zdnet.com]
The interdependencies and interconnections of the networks that run the country’s critical infrastructure assets such as water, power and gas have created a dangerously fragile system in which security is just now becoming a priority, experts say. For years the priorities for these networks have been safety, compliance and reliability, while security has only become a factor very recently, a panel of security officers from telecom and utility operators said at the RSA Conference on Thursday.