From: rakesh@sysman.in
To: rakesh@sysman.in
Subject: [CCCNews] CCCNews Newsletter - dated 2010 March 26
Date: Fri, 26 Mar 2010 21:43:58 +0530
March 26, 2010
Editor - Rakesh Goyal (rakesh@sysman.in)
In today's Edition - (This is a news-letter and not a SPAM)
ONE UP : New malware overwrites software updaters
STANDARD : IETF close to standard for reporting cyber crime
JAILED : TJX Hacker Albert Gonzalez gets 20 years in prison
MUTUAL : Government can't solve cybersecurity alone – US DHS
IT Term of the day
Quote of the day
* Direct Circulation in 4 Google groups (control-computer-crimes@googlegroups.com and IT-Sec-NSE@googlegroups.com) and 2 more groups
--
You received this message because you are subscribed to the Google Groups "control-computer-crimes" group.
To post to this group, send email to control-computer-crimes@googlegroups.com.
To unsubscribe from this group, send email to control-computer-crimes+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/control-computer-crimes?hl=en.
--Forwarded Message Attachment--
IT and Related Security News Update from
Centre for Research and Prevention of Computer Crimes, India
Courtesy - Sysman Computers Private Limited, Mumbai (www.sysman.in)
March 26, 2010
Today's edition ...
ONE UP : New malware overwrites software updaters
STANDARD : IETF close to standard for reporting cyber crime
JAILED : TJX Hacker Albert Gonzalez gets 20 years in prison
MUTUAL : Government can't solve cybersecurity alone – US DHS
ONE UP : New malware overwrites software updaters
It's the first time researchers have seen malware overwrite rather than mask itself as an update program
By Jeremy Kirk
26 March, 2010
http://computerworld.co.nz/news.nsf/security/new-malware-overwrites-software-updaters?opendocument&
For the first time security researchers have spotted a type of malicious software that overwrites update functions for other applications, which could pose additional long-term risks for users.
The malware, which infects Windows computers, masks itself as an updater for Adobe Systems' products and other software such as Java, wrote Nguyen Cong Cuong, an analyst with Bach Khoa Internetwork Security (BKIS), a Vietnamese security company, on its blog.
BKIS showed screen shots of a variant of the malware that imitates Adobe Reader version 9 and overwrites the AdobeUpdater.exe, which regularly checks in with Adobe to see if a new version of the software is available.
Users can inadvertently install malware on computers if they open malicious email attachments or visit websites that target specific software vulnerabilities. Adobe's products are among the most targeted by hackers due to their wide installation base.
After this particular kind of malware gets onto a machine, it opens a DHCP (Dynamic Host Configuration Protocol) client, a DNS (Domain Name System) client, a network share and a port in order to receive commands, BKIS said.
Malware that poses as an updater or installer for applications such as Adobe's Acrobat or Flash is nothing new, said Rik Ferguson, senior security advisor for Trend Micro.
Decent security software should detect the malware, but those people who do become infected could be worse off even if the malware is removed, Ferguson said.
"They will lose the auto-updating functionality of whatever software is affected even after the malware is cleaned up," Ferguson said. "That could of course leave them open to exploitation further down the line if critical vulnerabilities don't get patched as a result."
That means that users would need to manually download the software again, which they may be unlikely to do if they don't know the effect of the malware.
STANDARD : IETF close to standard for reporting cyber crime
Database of suspicious incidents proposed
By Jeremy Kirk
24 March 2010
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?RSS&NewsId=19552
The Internet Engineering Task Force is close to approving a specification for a common format for reporting e-crime, a step taken to allow security experts to react faster to cybercrime.
The Anti-Phishing Working Group is already collecting reports from organisations using the XML-based Incident Object Description Exchange Format (IODEF), which has been customised with extensions appropriate for e-crime reports, said Peter Cassidy, secretary general of APWG.
The format will allow for unambiguous time stamps, support for different languages and a feature to attach samples of malicious code.
The specification is now with the IETF, which has been looking at it for more than a year. If it is approved as a standard, the format will likely be taken up by banks, security organisations and other entities, Cassidy said. The format can be used to report crimes such as phishing and fraud incidents.
What the specification intends to solve is the inconsistent manner in which e-crime reports are now collected. Different organisations assemble data in a variety of ways, and frequently it is not widely shared, Cassidy said.
"Electronic crime is a smattering of data from places you haven't seen," said Cassidy, who is scheduled to give a presentation at the Council of Europe's conference on cybercrime.
That's problematic since spotting e-crime trends requires broad visibility on incidents around the world. With a standard data format entered into a database, investigators and experts will be able to mine the data and analyse it much faster using automated tools. The data is so voluminous that manual human analysis is impossible.
"Automated analysis is not an option, it's inevitable, which then allows for deterrence," Cassidy said. "You don't win with episodic data."
With a common reporting format, a bank could query the database to find out what range of IP (Internet Protocol) addresses have been used for fraud attacks, Cassidy said. Other parameters could be used, such as conducting searches by geography or even by grammar mistakes in phishing messages.
Criminals know how difficult it is for law enforcement to chase them electronically and use that to their advantage, Cassidy said. "Everything is against the good guys," he said.
The technical part is easy. The challenge is how the information can be legally shared, as data protection regulations differ by countries and regions. IP addresses, for example, can be considered personally identifiable information, but it's a crucial piece of information in cybercrime investigations, he said.
Once the IETF gives the specification a number, organisations are likely to begin using it, Cassidy said.
"I think the banks will embrace it," Cassidy said. "They're already exchanging data."
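As an added illustration (not from the article, APWG or the IETF), the Python sketch below shows the three IODEF features the article lists: timezone-qualified ISO 8601 timestamps, an xml:lang tag on the report, and a malicious sample attached as base64. Element names follow RFC 5070 (the Incident Object Description Exchange Format), but the layout is a simplified sketch that is not validated against the IODEF schema; the reporter name, incident id and sample bytes are constructed.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"            # RFC 5070 document namespace
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"  # serialises as xml:lang
N = "{%s}" % IODEF_NS

def iso_timestamp(dt):
    """IODEF times are ISO 8601; a naive datetime is ambiguous, so reject it."""
    if dt.tzinfo is None or dt.utcoffset() is None:
        raise ValueError("timestamp must carry a UTC offset")
    return dt.isoformat(timespec="seconds")

def build_report(incident_id, reporter, reported_at, description, lang, sample=None):
    """Serialise a minimal IODEF-style report (simplified sketch, not schema-validated)."""
    ET.register_namespace("", IODEF_NS)
    doc = ET.Element(N + "IODEF-Document", {"version": "1.00", XML_LANG: lang})
    inc = ET.SubElement(doc, N + "Incident", {"purpose": "reporting"})
    ET.SubElement(inc, N + "IncidentID", {"name": reporter}).text = incident_id
    ET.SubElement(inc, N + "ReportTime").text = iso_timestamp(reported_at)
    ET.SubElement(inc, N + "Description", {XML_LANG: lang}).text = description
    ET.SubElement(ET.SubElement(inc, N + "Assessment"), N + "Impact", {"type": "social-engineering"})
    contact = ET.SubElement(inc, N + "Contact", {"role": "creator", "type": "organization"})
    ET.SubElement(contact, N + "ContactName").text = reporter
    if sample is not None:
        # base64 lets a binary sample ride inside the XML without corrupting it
        extra = ET.SubElement(inc, N + "AdditionalData", {"dtype": "file", "meaning": "sample"})
        extra.text = base64.b64encode(sample).decode("ascii")
    return ET.tostring(doc, encoding="unicode")

def parse_report(xml_text):
    """Extract the fields a shared e-crime database would index from one report."""
    root = ET.fromstring(xml_text)
    inc = root.find(N + "Incident")
    extra = inc.find(N + "AdditionalData")
    return {
        "id": inc.findtext(N + "IncidentID"),
        "reporter": inc.find(N + "IncidentID").get("name"),
        "report_time": datetime.fromisoformat(inc.findtext(N + "ReportTime")),
        "lang": root.get(XML_LANG),
        "sample": base64.b64decode(extra.text) if extra is not None else None,
    }

# Constructed sample: a reporter in India (UTC+05:30) filing a phishing incident.
REPORTED_AT = datetime(2010, 3, 26, 21, 43, 58, tzinfo=timezone(timedelta(hours=5, minutes=30)))
SAMPLE_REPORT = build_report("EXAMPLE-2010-0001", "cert.example.org", REPORTED_AT,
                             "Phishing page imitating a bank login (constructed).", "en",
                             sample=b"<html>fake login form</html>")
```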
JAILED : TJX Hacker Albert Gonzalez gets 20 years in prison
Angela Moscaritolo
March 25, 2010
http://www.scmagazineus.com/hacker-albert-gonzalez-receives-20-years-in-prison/article/166571/
Albert Gonzalez on Thursday received the largest-ever U.S. prison sentence for a hacker.
Gonzalez, 28, of Miami, was sentenced to 20 years in prison for leading a group of cybercriminals that stole tens of millions of credit and debit card numbers from TJX and several other retailers.
Gonzalez pleaded guilty in September to multiple federal charges of conspiracy, computer fraud, access device fraud and identity theft for hacking into TJX, which owns T.J. Maxx, BJ's Wholesale Club, OfficeMax, Boston Market, Barnes & Noble and Sports Authority. He was facing up to 25 years in prison for these charges.
Gonzalez also pleaded guilty last year in two other pending hacking cases for which he is scheduled to be sentenced on Friday. He faces up to 20 years in prison for his role in hacking into the network of Dave & Buster's restaurant chain and stealing credit and debit card numbers from at least 11 locations.
As part of a third pending case, Gonzalez faces between 17 and 25 years in prison for hacking into the payment card networks of Heartland, 7-Eleven and Hannaford Bros. supermarket chain to steal more than 130 million credit and debit card numbers. In a plea deal, his sentences will run concurrently to each other.
The former record-high hacking sentence of 13 years in prison was handed down just last month to a San Francisco man named Max Ray Butler, who was convicted of hacking into financial institutions and then hawking the stolen data in an online forum.
This is the third conviction to be handed down this week to individuals involved in the TJX hack. On Tuesday, one of Gonzalez' co-conspirators, Jeremy Jethro, 29, was sentenced to six months home confinement and three years of probation for providing Gonzalez with a zero-day exploit to take advantage of a then-unknown vulnerability in Microsoft's Internet Explorer browser.
In addition, Humza Zaman, formerly a programmer at Barclays Bank, was sentenced earlier this month to 46 months in prison and fined $75,000 for laundering at least $600,000 in identity theft proceeds for Gonzalez. Also, in December, Stephen Watt, 25, of New York was sentenced to two years in prison and ordered to pay $171.5 million in restitution for providing Gonzalez with the "sniffer" program that was used to hijack credit card numbers from TJX.
The security community reacted swiftly to the Gonzalez sentencing.
"The Gonzalez sentence sends a clear message to career criminals and organized crime outfits," Michael Maloof, CTO at information security management firm TriGeo Network Security, said in a statement sent to SCMagazineUS.com on Thursday. "If you use a computer to steal or provide tools that encourage others to steal, you will go to jail – hopefully for a very, very long time."
Frank Kenney, VP global strategy at managed file transfer solutions vendor Ipswitch File Transfer, also said Gonzalez' sentence could serve as a deterrent to others.
"Raising the bar with sentences like the Gonzalez case may detract future hackers," he said.
MUTUAL : Government can't solve cybersecurity alone – US DHS
by Kevin McCaney
Mar 24, 2010
http://gcn.com/blogs/tech-blog/2010/03/fose-blog-5.aspx?s=gcnALERT_240310
U.S. software-makers are improving the security of their products, but the country's cyber infrastructure is still far from secure, according to comments by Richard Marshall, the Homeland Security Department's director of Global Cybersecurity Management in the National Cybersecurity Division.
Marshall spoke this morning at FOSE, saying that, despite progress, laws are inadequate, education needs to be improved and the public and private sectors need to work together. GCN Editor-in-Chief Wyatt Kash was at Marshall's talk and sending observations to Twitter. Other FOSE attendees also contributed to the flow of tweets.
According to their posts, Marshall said government can't solve the cyber problem alone, and neither can the private sector. It's everyone's job.
He also talked of the need for more secure software and of the need for academic centers of cyber excellence and training in all sciences/disciplines using the Internet.
Marshall discussed such security problems as the Defense Department's purchase of counterfeit Cisco routers and the ongoing difficulties of dealing with logic bombs, back doors and other threats. He said laws currently are inadequate for dealing with these problems. He did, however, note that hackers are saying that U.S. software is getting harder to compromise.
Later, CNN Senior Political Correspondent Candy Crowley talked about the broader political landscape. Among her points: The November elections will be the "first act" on the just-passed health care reform bill.
New IT Term of the day
Active Desktop
A feature of Windows that began in Windows 98 that allows the user to store Web content on the desktop. The items that are placed on the active desktop receive feeds from the Internet that update the information as needed. They can also be static Web pages with hyperlinks on the desktop instead of in a browser. For example, a user can add such items as a stock ticker, a news feed, search buttons or weather reports. Active Desktop can host any HTML item, Java applets and ActiveX components.
Quote of the day
A slave is he who cannot speak his thoughts.
Euripides
Note -
- As a member of this group, you get useful information to protect yourself and your IT assets and processes from various Computer and Related Crimes.
- If you think that your other friends/colleagues/acquaintances/relatives/foes/enemies also need this information, forward the mail to them and request them to send their e-mail addresses and names to us with subject as "Subscribe".
- If you or someone has become victim of Computer Crimes or has any query on prevention, you are welcome to write to us.
- If you are not interested in it and would like to unsubscribe - send a reply mail with subject as "Unsubscribe".
- Disclaimer - We have taken due care to research and present these news-items to you. Though we've spent a great deal of time researching these matters, some details may be wrong. If you use any of these items, you are using at your risk and cost. You are required to verify and validate before any usage. Most of these need expert help / assistance to use / implement. For any error or loss or liability due to what-so-ever reason, CRPCC and/or Sysman Computers (P) Ltd. and/or any associated person / entity will not be responsible.