
This seems to be the season for RFID-related scares. Following in the footsteps of the researchers in Belgium, researchers at Australia's Edith Cowan University have found a critical fault with Generation One Radio Frequency Identification (RFID) tags. The US Department of Defense is a big user of these tags. These Gen. 1 tags operate in the 902-938 MHz range.
(...Read more)
The world of malware and rootkits has evolved a lot over the last two years; the most significant developments have been in the sophistication of rootkits.
In case the term "rootkit" doesn't mean much, a rootkit is basically a program that subverts the operating system and allows the attacker to hide certain files and programs from the user. It will usually also provide a hidden backdoor into the system, and will hide network connections made through the backdoor from the user.
(...Read more)
The old problem of DNS cache poisoning has again reared its ugly head. While some would argue that the domain name system protocol is inherently vulnerable to this style of attack due to the weakness of 16-bit transaction IDs, we cannot ignore the immediate threat while waiting for something better to come along. There are new attacks which make DNS cache poisoning trivial to execute against a large number of nameservers running today. The purpose of this article is to shed light on these new attacks and recommend ways to defend against them.
(...Read more)
Security experts from MicroWorld Technologies inform that 'Trojan-Clicker.Win32.Qhost.v' is a new variant of the Trojan Clicker series. This malware spreads via email attachments targeting DNS servers to redirect web traffic towards specific websites.
By exploiting vulnerabilities in the Internet Explorer and Internet Connectivity components of Windows, 'Qhost.v' reroutes victims' machines to pre-decided websites and other online resources.
(...Read more)
A complete tool set to attack the inherent protocol weaknesses of IPV6 and ICMP6, and includes an easy to use packet factory library.
IPV6 project. This code was inspired when I got into touch with IPv6, learned more and more about it and then found no tools to play (read: "hack") around with. First I tried to implement things with libnet, but then found out that the ipv6 implementation is only partial - and sucks. I tried to add the missing code, but well, it was not so easy, hence I saved my time and quickly wrote my own library.
(...Read more)
Is it possible for a Mac to catch a Windows disease? Yes, though it's not likely.
I'm quoted in April 6's USA Today in its story about Boot Camp, Apple's new software support for running Windows on Intel-based Macs. The reporter's question to me was whether Windows malware could attack the Macs running Windows.
Of course, the answer is, "Of course." Unless Apple has pulled off some secret miracle, any malware targeted at Windows will run on an Apple computer running Windows.
(...Read more)
Virus researchers at Kaspersky Lab have found proof of concept code for a cross platform virus capable of infecting both Windows and Linux systems.
In an alert posted to Viruslist, Kaspersky said the sample virus has been given a dual name, Virus.Linux.Bi.a/Virus.Win32.Bi.a, and highlighted the way attackers are targeting multiple platforms in malware attacks.
(...Read more)
Security experts warned today of a newly detected rogue anti spyware application, UnSpyPC, which falsely identifies popular security products and well known file system tools as spyware.
Among the tools which were falsely identified were a popular and reputable anti virus tool, a well known anti spyware application and a system management tool often deployed in business critical environments.
(...Read more)
Over the course of part two in this article series we covered both netcat and ettercap. What we shall now cover in the final part of this series is a packet crafter and an HTTP proxy. Read on to find out more about these very powerful tools of the trade.
So far in this article series based on tools used in the computer security industry we have gone over quite a few of the most commonly used tools. We have so far looked at a packet sniffer, a network scanner, the incredibly useful netcat, and the man-in-the-middle suite of tools known as Ettercap.
(...Read more)
Honeypots are used to study the methods and attacks of hackers. The idea is to place one or more special servers in a network. An attacker who cannot distinguish between genuine servers or services and honeypots will sooner or later make use of the services offered by a honeypot while searching for a security hole. All of his activities on the honeypot are logged.
(...Read more)
MIT assistant professor Dina Katabi says incremental increases in wireless network throughput just aren't going to cut it. Colleague Rob Miller says phishing attacks continue to get trickier and more threatening, and that a "Web wallet" could be the answer to safer e-commerce.
They are two of more than a dozen MIT faculty members presenting their latest research this week at the MIT Information Technology Conference to an audience of business representatives whose companies partner with the university to exchange ideas and transfer technologies from labs into the real world.
(...Read more)
New York state Attorney General Eliot Spitzer is going after internet fraudsters again, this time suing a Manhattan spyware company for allegedly installing millions of pop-up advertisements on customers' PCs.
Spitzer on Tuesday announced a lawsuit against Direct Revenue, accusing the online media company of installing advertising software, known as drive by downloads, on computers without properly notifying customers.
(...Read more)
Messaging security manufacturer, CipherTrust, has launched a free online service to alert organisations about potential phishing scams. PhishRegistry.org hosts a repository of known phishing scams and alerts registered users to sites that may threaten customer data or financial operations.
"When email first emerged in the business market it was a wonderful tool," said CipherTrust regional sales manager, Bob Jones. "Unfortunately it's been exploited over the years by spam and now phishing."
(...Read more)
The ability to detach yourself from that wire, and to have an Internet connection wherever you go - that's very seductive. But there are hidden dangers in wireless networking.
Wireless networking cards are nothing more than radios. And radios broadcast; they spew out their waves promiscuously, to every receiver in range. And every wireless networking card is also a receiver. So every wireless network card can receive all the information being sent out from every other wireless networking card. In your own home, maybe that's not such a big deal, but in your local coffee shop, that can be a very big deal indeed.
(...Read more)
The threat of malicious software can easily be considered as the greatest threat to Internet security. Earlier, viruses were, more or less, the only form of malware. Nowadays, the threat has grown to include network-aware worms, trojans, DDoS agents, IRC Controlled bots, spyware, and so on. The infection vectors have also changed and grown and malicious agents now use techniques like email harvesting, browser exploits, operating system vulnerabilities, and P2P networks to spread.
(...Read more)
In the news recently was an interesting story about MetaFisher (also known as Spy-Agent), a Trojan horse program that steals personal financial information. What was particularly interesting about the news report that I received from iDefense was screenshots of the control interface used by the MetaFisher bot network (botnet) operators. The images give a good idea of what goes on behind the scenes of botnets. If you've already looked at the news story that I posted on our Web site and didn't see the images, be sure to check it again; I added the images on Monday. You can link to the story from the MetaFisher news story below.
(...Read more)
Today we heard of a rather interesting new Symbian malware application named Flexispy.A. It's a Symbian trojan spy that records information about the victim's phone calls and SMS messages, then sends them to a remote server.
What makes this interesting is that Flexispy.A is a trojan spy written by a company for commercial reasons. The company claims that it's a useful tool for catching a cheating spouse. By installing the application on the phone they can monitor whom the victim is calling and what SMS messages he or she is sending. The company even claims that Flexispy is not a trojan.
(...Read more)
Recently, a reader reported being forced to disable intrusion prevention monitoring within shared, multi tenant locations because the wireless scanning system was generating a confusing abundance of red herrings, or "false positives," from neighboring access points.
The thought of anyone forced to turn off security caused my anxiety level to spike.
(...Read more)
This is not a virus or a trojan. It is detected as a "potentially unwanted program". This is an antispyware application claiming to remove unwanted malicious spyware programs. In order to clean or delete any files labeled as "malicious spyware", you must first enter a valid serial number to activate the full version or click on the "Buy Online" button and purchase the full version. This has been reported to be distributed in the wild via exploits and trojan downloaders.
(...Read more)
A hacker found a way into the server that houses a database of more than 570,000 members of eight state retirement systems, a state official reported Friday.
The GBI is investigating, but it's unclear whether any information including names, Social Security numbers or bank account data was compromised during the mid February incident, said Joyce Goldberg, communications director for the Georgia Technology Authority.
(...Read more)
IBM introduced a new intrusion detection technology dubbed Billy Goat that claims to be highly effective in battling worm viruses and other types of malicious IT threats, and in eliminating false security alarms.
(...Read more)
The Internet has gone beyond a communications and information medium and become a way for consumers to trade, buy things, and even do their banking. With vendors providing many of their services online, ecommerce is at an all time high. It encompasses a surprisingly wide range of activities, and each requires our attention and vigilance. It is critical to use the best security technology, and keep personal information confidential.
(...Read more)
Several security companies have issued warnings about two recent exploits that take advantage of weaknesses in Windows and Internet Explorer to steal user information, including passwords for access to bank accounts, email, and insurance information.
(...Read more)
Symptoms in a HijackThis Log should show this:
O4 - HKLM\..\Run: [SpywareQuake] C:\Program Files\SpywareQuake\SpywareQuake.exe /h
Note: Currently smitRem alone will not remove this infection. We are including it in this fix because Spyware Quake has been seen to install with other portions of the Smitfraud infection. The instructions here plus the use of smitRem should remove most, if not all, of this infection. Once smitRem is updated to include the removal of this infection, the guide will be updated accordingly.
(...Read more)
This newest rogue just surfaced about 24 hours ago. There are already dozens of complaints about SpywareQuake hijacking desktops and users are unable to remove it with ordinary means. I've blogged more details about SpywareQuake at Spyware Confidential. Members of the anti-spyware community have provided instructions for removing SpywareQuake...
(...Read more)
A security audit on an unnamed government body has revealed a total of 171,000 instances where security policy was breached, according to Finjan, a provider of proactive web security solutions.
Finjan said the audit, which was conducted during one week towards the end of 2005, indicates the scale of the spyware threat to organisations. The audit gathered live Internet access information from the surfing activities of 25,000 users and Finjan's Vital Security web security solution was installed to scan content downloaded during the week.
(...Read more)
A do it yourself malware creation kit is being hawked on a Russian Web site for less than $20, according to security researchers tracking the seedier side of the Internet. Virus hunters at SophosLabs discovered the spyware kit, called WebAttacker, on a Web site run by self professed spyware and adware developers. The kit is available for sale directly from the site, which even offers tech support to buyers.
(...Read more)
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to 'compromise' the server and to download further malware. This honeypot is 'fail safe' in that when left unattended, the default action is to do nothing though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.
(...Read more)
It's always amusing to know what people are searching. By browsing the websites' "top searches" display on their opening pages, within minutes, you are in the know of all the topics people worldwide are looking into. It really does not matter where these pictures came from for the ardent pix hunter. I admit I was curious to see the first face transplant person's new face like most of you.
(...Read more)
Are rootkits really as evil as they have been portrayed? Probably not, if you take into consideration the circumstances in which they are used. What is a rootkit anyway? It is defined as a set of software tools used by a third party to gain access to a computer system, and then maintain unknown presence in the system by hiding running processes, files, or data.
(...Read more)
The IT security world is in something of an uproar: there's a lot of discussion about a supposedly undetectable rootkit which uses virtual machine technology. The real question is, what's all the clamor about, and do we really need to worry?
The rootkit, which works at a level below the operating system, was developed at the University of Michigan in a project sponsored by Microsoft. It became public knowledge after the IEEE Symposium on Security and Privacy conference materials were published; they included the proof of concept.
(...Read more)
A paper presented by Melanie Rieback, a third-year PhD student at Amsterdam's Vrije Universiteit, at the IEEE conference in Pisa, Italy, on Wednesday sent waves through the radio frequency identification (RFID) technology industry.
Rieback's paper "Is Your Cat Infected with a Computer Virus?" suggests computer viruses could spread from RFID tags through readers into poorly written middleware applications and into enterprise backend systems and databases.
(...Read more)
A new variety of unusually powerful Internet attacks can overwhelm popular Web sites and disrupt emails by exploiting the computers that help manage global Internet traffic, according to security researchers. First detected late last year, the new attacks direct such massive amounts of spurious data against victim computers that even flagship technology companies could not cope.
(...Read more)
It looks like yet another route is getting hit by cybercriminals, this time in the form of botnets raiding instant messaging clients for personal information tied to Online Shoppers and PayPal.
Acting on an anonymous tip, researchers have uncovered two "botnet" networks that collectively represent up to 150,000 compromised computers...
(...Read more)
At this year's RSA Conference last month, McAfee sponsored a panel discussion about mobile threats. In its presentation it pointed out that a year ago the biggest threats to cell phones seemed to be getting dropped accidentally or being destroyed through a fit of rage. But this year looks to be a defining year for mobile malware, and McAfee predicts a sharp increase in mobile malware threats in 2006.
(...Read more)
A virus that encrypts documents and demands a ransom to decrypt them has been spotted making its way slowly across the Internet. Plus, another virus seeks to exploit the death of Slobodan Milosevic to fool users into opening a malicious attachment.
(...Read more)
A new, advanced keylogging Trojan horse targeting users of financial Web sites can record mouse clicks as well as keystrokes, warns PC Tools.
The Trojan, a variant of PWSteal.Bancos.Q, has so far affected only Brazilian banking sites, but is likely to spread, according to PC Tools' malware research center which discovered the trojan Wednesday.
(...Read more)
A group of European computer researchers have demonstrated that it is possible to insert a software virus into radio frequency identification tags, part of a microchip based tracking technology in growing use in commercial and security applications.
In a paper to be presented Wednesday at an academic computing conference in Pisa, Italy, the researchers plan to demonstrate how it is possible to infect a tiny portion of memory in the chip, which can hold as little as 128 characters of information.
(...Read more)
A security firm has found what it characterized as the third known case of a program holding data for ransom. The malicious program searches for 44 different types of files, encrypts them, and then leaves a note for the user to pay $300 for the password to recover the files, according to an analysis by security firm LURHQ.
(...Read more)
Because of the almost immediate two way nature of communication, many users feel that the use of instant messaging in the workplace leads to more effective and efficient workplace communications and, therefore, to higher productivity. As a result, IM is increasing in popularity in both professional and personal applications. However, as with most things Internet based, the increasing use of instant messaging has led to an associated increase in the number of security risks.
(...Read more)
Email systems such as Microsoft Exchange, Lotus Notes and GroupWise were constructed with a single purpose in mind: accept and send the maximum amount of mail and route that mail as efficiently as possible. Without question this has succeeded; email is the most commonly utilised business communication tool on the planet and its use is projected to rise. In fact, the current volume of email sent worldwide is now more than 50 billion messages per day, with that number expected to double by 2008.
(...Read more)
To stop worms and malware, first you must know about them. In today's rapidly evolving networks, where attackers are often one step ahead of the products designed to thwart them, anomaly detection is an important innovation. Many vendors rely on signature detection to find network borne threats. Customers often have to wait days to get a working signature for a new worm, leaving their networks vulnerable in the most critical period during a worm's release.
(...Read more)
The New York Times recently took a front page swipe at the (Internet) age old question of whether an unprotected wireless network amounts to an open invitation for any piggybacker who happens by with a laptop.
Theft of service? . . . Or victimless "crime" of convenience?
At this point the question has become pretty much a philosophical one: Either you're OK with catch as catch can wireless . . . or you're not. But the story did get me thinking about the issue again.
(...Read more)
A new survey conducted among AOL users in the UK revealed that less than 50% of users deployed some kind of Internet Security device, while the rest didn't mind leaving their computers wide open for online attacks and ugly malware. Though 86% of the users were informed and concerned about cyber security, not all of them were eager to translate that into protective solutions.
(...Read more)
Like most innovative technologies, using WLANs poses both opportunities and risks. Most mobile workers use wireless networks outside the secure enterprise perimeter, making wireless devices more vulnerable to attack. This white paper addresses threats that could compromise a wireless device at hotspots, airports, hotels and other public access networks and examines best practices for securing mobile wireless devices.
(...Read more)
Cybercrooks are developing more sophisticated techniques to steal confidential data. According to the latest edition of Symantec's Internet Security Threat Report, malicious hackers are increasingly using bot-networks, modular malicious code and targeted attacks on web applications and web browsers to carry out cyber raids.
(...Read more)
The web is the new attack vector for spyware, viruses, worms and other malware. Email traffic was yesterday's attack vector, but today web traffic is wide open to attacks by spyware and other malware. Users need only browse a web page or open a web email to trigger web-based spyware and worms. This web threat is expected to increase in sophistication, frequency, and severity because the development of spyware and other sophisticated malware is being fueled by criminal money. Web-based malware is a major challenge that requires a new security solution.
Fortunately, web security technology is moving beyond traditional approaches to new gateway-level scanning of all web traffic in real time.
(...Read more)
Because of the proliferation of Web-based threats, you can no longer rely on basic firewalls as your sole network protection. Most firewall rules are based on the IP address and network port, but they don't inspect the actual network traffic content.
One effective defense to employee attacks is to deploy a content-aware, perimeter-based network security device that inspects and blocks Web requests based on URL destination.
(...Read more)
When panic-stricken customers or users call for help with systems that have gone kablooey, the culprit is probably a malware infection.
Common complaints from malware infections include dying audio, blinking video, even a system that mysteriously turns itself on and off. The reasons for infection can vary, too. Maybe the customers simply lowered their security settings...or failed to update the security software you already installed...or just had a spate of bad luck.
(...Read more)
Not too long ago I warned in a podcast that Mac users need to be wary of a Mac virus. I got chastised for it a little, but now it appears I was right. Of course, 1 virus on the Mac is nothing compared to the hundreds that come out against Windows on a regular basis, but if one person can figure out how to do it, so can others.
This virus sounds a bit crude and reminds me of some of the early viruses, deleting and destroying rather than insinuating itself into the computer. Give it a week or two, I'm sure a more subtle version will come out. I still want to get a miniMac when they get the Intel chips.
(...Read more)