First Ever Joint EU-US Cyber War Game Starts
Despite extreme upheaval and rampant infighting caused by the European debt crisis, the EU and U.S. are banding together today in Brussels and shifting its focus toward cyber security.
Vulnerabilities
Is .info the New .cc?
By Kurt BaumgartnerIn April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv. That DNS setup later led to FakeAv downloads for the Mac as forecast. But FakeAv distribution has been steadily declining since the beginning of the year, and a few related major events have occurred over the past six months. Blackhole operators have migrated to .info domains, along with other related malicious site operators. Have they pushed .info to become the new .cc?
Poison Ivy RAT Still Giving Users a Rash
The Poison Ivy malware kit is old. It was first seen in 2005, which makes it about 762 years old in Internet years. But that doesn’t mean it’s no longer useful, as evinced by the data collected by Microsoft in a new report on the tool, which shows that it is still in active use and is turning up on thousands of infected PCs.
By any measure, Luigi Auriemma is a prolific vulnerability researcher. In the first ten months of 2011, the pay-for-bugs program Zero Day Initiative credited Auriemma with discovering 30 vulnerabilities, ranging from issues in Sybase enterprise software to Adobe Shockwave to Apple Quicktime. In its Upcoming Advisories section, ZDI listed Auriemma with finding another 35 vulnerabilities that still await fixes from their developers. The vulnerability researcher, who has made his name in part by finding SCADA bugs, is not yet ready to leave his day job. Despite ZDI’s bonus system, his independent research is not a career, he says.
Microsoft said that its looking into a reported zero day vulnerability in Windows that was used by the Duqu malware to spread, but isn’t committing to a patch for the problem in time for this months scheduled update.
Having more friends on Facebook might not mean you’re popular, but it does make you more likely to accept an invitation from a fake friend, according to research from the University of British Columbia.
The Black Hole exploit kit is really becoming a serious pain in the neck for people trying to use the Internet. At some point, it may become easier to start a list of the URLs that aren’t hosting the exploit kit, rather than the ones that are. For the time being, the latest entry in the latter category is a group of thousands of WordPress blogs that have been compromised and are now redirecting visitors to sites serving the Black Hole exploit kit.
UPDATE: An independent security researcher has warned officials in Australia, the US and China about a serious, remotely exploitable hole in language translation software that is used by leading corporations, universities and governments.
A newly discovered installer for the Duqu malware includes an exploit for a previously unknown vulnerability in the Windows kernel that allows remote code execution. Microsoft is working on a fix for the kernel vulnerability right now. The exact location and nature of the flaw isn’t clear right now.
After tapering off, the Zeus Trojan has been staging a comeback over the last few months, possibly using a new infection routine that leverages Windows’ autorun feature even after a company update to limit infections that use it, according to research by Microsoft.
