From ZDNet (Dancho Danchev)
The official web site of Paul McCartney (paulmccartney.com) has been compromised, and is serving live exploits to its visitors [zdnet.com].
According to Mary Landesman [scansafe.com], the compromise might have occurred through stolen FTP accounting data, taking into consideration the fact that the campaign is also present at several different flat HTML only web sites. Read the full story [zdnet.com]
By Andrew Storms
The looming mobile malware threat of the past decade has yet to materialize. The reason for its lack of fruition, according to scientists, is geography and the lack of a dominant market shareholder. However well done the math, the scientific study is flawed nonetheless. “Understanding the Spreading Patterns of Mobile Phone Viruses,” a new paper by 4 scientists, fails to take into account modern malware trends and the operational knowledge of security vendors like those of antivirus companies.
Trojan downloaders and malware that masquerades as security software are the two fastest growing threats on the Web right now, according to an analysis by Microsoft’s Malware Protection Center. In its latest Software Intelligence Report, released on Wednesday, the MMPC found that a Trojan downloader named Renos that installs rogue security software was the most prevalent threat in the second half of 2008, increasing by 66 percent.
The experts at SRI International, who have been tracking the Conficker worm as closely as anyone, have released the source code to the scanner they wrote to detect the active P2P scanning that Conficker-infected machines perform.
From Washington Post (Brian Krebs)
Web site host and domain name registrar Register.com has been the target of a sustained attack this week [washingtonpost.com], disrupting service for thousands of customers. The attacks began on Wednesday, causing a three-hour outage for many Web sites that rely on the company for hosting and/or use the company’s domain name system (DNS) servers, said Roni Jacobson, executive vice president at Register.com.
Read the full story [washingtonpost.com]
An old, but little-known worm has copied some of the infection strategies of Conficker [computerworld.com], the worm that raised a ruckus last week, Microsoft security researchers said late Friday.
Neeris, which harks back to May 2005, is now exploiting the same Windows bug that Conficker put to good use, and is spreading through flash drives, another Conficker characteristic, said Ziv Mador and Aaron Putnam, researchers with the Microsoft Malware Protection Center. Read the full story [computerworld.com]
The mere existence of the Conficker Working Group (also known as the Conficker Cabal) is something of a minor miracle. Security vendors do not have a long history of cooperating with each other, aside from perhaps the antivirus companies sharing samples. But, as an unidentified member of the Conficker Working Group writes in this diary entry [sans.org], the joint effort to stop the spread of Conficker could be used as a blueprint for future cooperative efforts.
From Facebook, by Jeff Williams, Microsoft
When the Koobface worm hit Facebook users last year, the company’s security team scrambled to help affected users reset their accounts and avoid new infections. But the worm has continued to crop up periodically since then, and so the anti-malware team at Microsoft has been helping the Facebook technicians get a handle on the attack.
From Dark Reading, by Kelly Jackson Higgins
In the last couple of years, SQL injection attacks have become the favorite tactic of penetration testers, cyber criminals and script kiddies alike. But some researchers are taking the technique to a new level. At Black Hat Europe later this month, a British researcher will show off a tactic for using SQL injection to take control of the database behind the Web server.
Lost amid all of the breathless reporting on Conficker’s update mechanism this week was the fact that machines infected with the latest version of the worm, Conficker.C, have effectively stopped previous versions of the worm from spreading.