Malware


How I Taught the Senate To Hack

What happens when 20-something Beltway wonks put down their Blackberries and start getting real about hacking? Chris Wysopal can tell you. The security expert and former L0pht member is just back from D.C., where he took on the job of teaching Senate staffers on the Homeland Security and Governmental Affairs Committee about SQL injection, spear phishing and more.


Security researchers have discovered a new piece of malware that targets Mac OS X users and installs a remote-control backdoor on compromised machines. The malware, called Olyx, was discovered in a package that also contained some Windows malware and researchers say that the Mac backdoor is remarkably similar to the Gh0st RAT that was used in the infamous Ghostnet attacks in 2009.

Randy Vickers, the director of the United States Computer Emergency Readiness Team (US-CERT), abruptly abandoned his post on Friday when he tendered his resignation, effective immediately. The resignation came via an email penned by acting assistant secretary for cybersecurity and communications Bobbie Stempfley and obtained by InformationWeek. The authenticity of that email has since been confirmed by a US-CERT spokesperson speaking on condition of anonymity, according to InformationWeek.

Web applications are attacked every two minutes and at times can experience upwards of 25,000 attacks an hour, according to a report published by security firm Imperva today. As part of its continuing Hacker Intelligence initiative, Imperva's Application Defense Center (ADC) released its Web Application Attack Report after analyzing six months of web traffic and more than 10 million attacks from December 2010 to May 2011. The study also tracked traffic coming through the Tor onion router network.

Scareware gangs have been using pretty much the same tactics since the dawn of time. Or at least since 2005. They compromise Web sites and use them as jumping-off points for pop-up boxes that aim to terrify the citizenry into thinking their PCs are infected and into downloading fake security software. But now, at least some of the crews are shifting their techniques to a much more subtle trick that waits for the victims to try to watch a video and then pounces.

Report: Iran resorting to rip and replace to kill off Stuxnet infections

Reports that Iran had recovered from the infection of the Stuxnet worm may have been overblown, as a new report suggests the country is being forced to replace thousands of expensive centrifuges damaged by the worm. The report from the Web site DEBKAfile cites "intelligence sources" to claim that Stuxnet was not purged from Iran's nuclear sites and that the country was never able to return its uranium enrichment operation to "normal operation." Instead, the country has said in recent days that it is installing newer and faster centrifuges at its nuclear plants and intends to speed up the uranium enrichment process, according to the country's foreign ministry. Iran was believed to have 8,700 centrifuges in operation at the country's Natanz facility at the time the Stuxnet worm was released, which is believed to be around June 2009. A recent report from Wired's Threat Level blog (http://threatpost.com/en_us/blogs/wired-unpacks-stuxnet-mystery-071111) cites International Atomic Energy Agency (IAEA) officials who inspected the plant in January 2010 as saying up to a quarter of those centrifuges were disabled at that point, just months after the worm was released and a full six months before it would be publicly identified by researchers at the Belarusian antivirus firm VirusBlokAda. A report from the Institute for Science and International Security (http://media.washingtonpost.com/wp-srv/world/documents/stuxnet_update_15Feb2011.pdf), dating from February 2011, and contemporary news reports from that time assessed the damage caused to Iran's uranium enrichment program to be limited.

DEBKAfile, citing Western intelligence sources, reports that Iran failed to eradicate the worm, which resurfaced and began spreading within the Iranian facilities, prompting the government to replace an estimated 5,000 working centrifuges. Stuxnet is widely believed to have been created specifically to disable Iran's nuclear enrichment facilities, possibly with the involvement of the U.S. and Israel (http://threatpost.com/en_us/blogs/stuxnet-analysis-supports-iran-israel-connections-093010). The worm was among the most sophisticated pieces of malware ever discovered in the wild. However, experts also note that Stuxnet wasn't perfect and, in fact, that its authors made several basic errors that may have prevented it from being discovered at all (http://threatpost.com/en_us/blogs/stuxnet-authors-made-several-basic-errors-011811).