The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Week Ending: Friday, June 5, 2009
Perhaps You Should Consider Blocking Some Search Terms!
25. May 28, SC Magazine – (International) McAfee documents riskiest search terms. A McAfee study into 2,600 of the most popular keyword searches on the web has concluded that hunts for “screensavers” present the most risk. The report released the week of May 25 shows that users who search for “screensavers” have a 59.1 percent chance that they will be infected by malware on a given page of results. By category, the most dangerous searches involved keywords containing the word “lyrics” (26.3 percent risk) and “free” (21.3 percent). The safest category searches, meanwhile, related to “health” (four percent) and the “economic crisis” (3.5 percent). The report also warned of the risk generated by searching for information on “work from home.” Variations of this search term — considered more popular than ever, given the state of the economy — ranged from a 6.3 percent-risk to a 40 percent-risk of infection. Source: http://www.scmagazineus.com/McAfee-documents-riskiest-search-terms/article/137632/
Are You Prepared for the Latest Corporate Spamming Techniques?
26. June 1, Computerworld – (International) Spammers find new ways to flood corporate networks. Unsolicited e-mail accounted for 90.4 percent of all messages received on corporate networks during April, an increase of 5.1 percent from a month earlier, according to a report released May 26 by Symantec Corp.’s MessageLabs Intelligence unit. The monthly MessageLabs report on threat trends also found that nearly 58 percent of all spam can be traced to botnets. A researcher at Cloudmark Inc., a provider of antispam tools, noted that in addition to using botnets, spammers in recent months have been experimenting with a new way to sneak unwanted email past corporate filters. Often, he said, a spammer will rent legitimate network services, often in an Eastern European country, and then blast a large amount of spam at the network of a specific ISP. The idea is to push as many messages as possible onto the network before any kind of filtering software detects the incident. The researcher estimates that hundreds of thousands of such messages are sent each day without detection. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=339801&taxonomyId=17&intsrc=kc_top
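The technique described above, dumping as much mail as possible onto one ISP's network before filtering reacts, is volumetric by nature, so a sliding-window rate check per source network is the natural first detection. The following is an added example, not code from Computerworld, Symantec, MessageLabs or Cloudmark. It assumes MTA logs are available as lines of the form `<epoch> <source_ip> <recipient>`, aggregates senders by /24 (a rented block of addresses usually spans many IPs), and alerts when one network exceeds a fixed count inside a 60-second window. The thresholds and the sample log are constructed for illustration.

```python
"""Sliding-window burst detector for inbound mail (added example).

Assumptions (not from the reporting above): log lines look like
"<epoch> <source_ip> <recipient>", are processed in timestamp order, and a
burst is more than MAX_PER_WINDOW messages from one /24 within WINDOW_SECONDS.
"""
from collections import defaultdict, deque
import ipaddress

WINDOW_SECONDS = 60   # constructed threshold: width of the sliding window
MAX_PER_WINDOW = 50   # constructed threshold: messages per /24 per window


def _constructed_log():
    """Build sample log lines: one legitimate sender and one blasting /24."""
    lines = []
    # Legitimate relay: ten messages, one per minute (RFC 5737 test address).
    for i in range(10):
        lines.append((500 + 60 * i, "198.51.100.7", f"user{i}@example.net"))
    # Rented block: 120 messages from many addresses in about 30 seconds.
    for i in range(120):
        lines.append((1000 + i // 4, f"203.0.113.{i % 200 + 1}", f"user{i}@example.net"))
    lines.sort()
    return [f"{ts} {ip} {rcpt}" for ts, ip, rcpt in lines]


SAMPLE_LOG = _constructed_log()


def source_key(ip: str) -> str:
    """Aggregate by /24 so a rented address block counts as a single source."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def detect_bursts(lines, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
    """Return {network: epoch of the first message that exceeded the limit}.

    A deque per network holds timestamps inside the current window; anything
    older than `window` seconds is evicted before the count is compared.
    """
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        ts_text, ip, _rcpt = line.split()
        ts = int(ts_text)
        key = source_key(ip)
        q = recent[key]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > limit and key not in alerts:
            alerts[key] = ts
    return alerts


if __name__ == "__main__":
    for net, when in detect_bursts(SAMPLE_LOG).items():
        print(f"burst from {net} starting at epoch {when}")
```

The alert carries the first timestamp at which the limit was crossed, which is the moment a rate limit or temporary block on that /24 would have taken effect; tuning `MAX_PER_WINDOW` against a site's own legitimate relays is what keeps this from firing on a busy mailing-list host.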
Is there a “Gumblar” in your future?
Has one of the sites for which you are responsible been compromised?
Will U.S. Government investment in Cyber Security help solve problems?
37. June 3, Congress Daily – (National) Obama Administration begins work on cybersecurity R&D. Maximizing government investment in federal cybersecurity research and development is a major component of the U.S. President’s plan to bolster defenses against high-tech attacks. If the White House’s new cyber strategy and key agencies’ fiscal 2010 budget requests are any indication, they are off to a solid start. In the near term, the White House’s unnamed cyber czar will be charged with developing a framework for R&D strategies that focus on “game-changing technologies” and provide the research community access to event data to help develop tools and testing theories, according to the May 29 report, which stemmed from a 60-day review. That czar will eventually develop threat scenarios and metrics for risk management decisions, recovery planning and R&D prioritization. “Research on new approaches to achieving security and resiliency in information and communications infrastructures is insufficient,” the report stated. “The government needs to increase investment in research that will help address cybersecurity vulnerabilities while also meeting our economic needs and national security requirements.” The President proposed a $37.2 million cyber R&D budget for DHS in fiscal 2010 to support operations in its national cybersecurity division as well as projects within the CNCI. DHS is using much of its fiscal 2009 allotment to deploy Einstein, a system to analyze civilian agencies’ systems for cyber threats and intrusions. Source: http://www.nextgov.com/nextgov/ng_20090603_2540.php
Perhaps something like this?
11. June 2, SC Magazine – (National) Bank of America certificate scam propagating Waledac, Virut. A new spam campaign disguised as a Bank of America email telling users they need to update their digital certificate is attempting to lure users into installing the Waledac worm. The messages, which first started being detected recently, seemingly come from Bank of America, and tell users, “The digital certificate for your Bank of America direct online account has expired. You need to update the certificate using Bank of America direct digital certificate updating procedure.” Recipients are then instructed to click on a link and follow the given instructions, the lead threat analyst at web and email security firm Marshal8e6 told SCMagazineUS.com in an email on June 1. The spam originates from the Pushdo botnet, which has been active in similar malicious phishing attacks, the analyst said. After following the link, the user is encouraged to fill in a web form, and to download a new “digital certificate” to continue, the analyst said. The “certificate” however, is an executable file which seeks to download malware to the victim’s PC. The SANS Internet Storm center said in a post on June 1 that a quick analysis of this malware showed “probable signs” of Waledac, the notorious worm capable of harvesting and forwarding password information and receiving commands from a remote server. A threat researcher for Panda Security confirmed to SCMagazineUS.com on June 2 that the threat is being detected as Waledac. Source: http://www.scmagazineus.com/Bank-of-America-certificate-scam-propagating-Waledac-Virut/article/137848/
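Two checks follow from the campaign above: the lure text pairs a "your certificate has expired" message with a link to a download, and the downloaded "certificate" is a Windows executable rather than a PEM or DER file. The block below is an added example, not code from SC Magazine, Marshal8e6, SANS or Panda; the message bodies, the `example.invalid` URL and the byte strings are constructed, and the phrase patterns are an assumption about how such lures are worded, not a published signature.

```python
"""Defender-side checks for the 'update your digital certificate' lure (added example).

classify_message() flags a body that combines certificate-renewal wording with
a link to an executable; payload_kind() identifies what a delivered
"certificate" file actually is from its leading bytes. All samples are constructed.
"""
import re

# Constructed lure patterns: renewal wording within one sentence of "certificate".
LURE_PATTERNS = [
    re.compile(r"certificate[^.]{0,60}\b(expired?|update|renew)", re.I),
    re.compile(r"\b(update|renew)[^.]{0,40}certificate", re.I),
]
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".js", ".vbs")


def classify_message(body: str) -> list:
    """Return a list of findings for one message body (empty means nothing flagged)."""
    findings = []
    if any(p.search(body) for p in LURE_PATTERNS):
        findings.append("certificate-renewal lure")
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")
        path = url.split("?", 1)[0]
        if path.lower().endswith(EXECUTABLE_EXTS):
            findings.append(f"executable download: {url}")
    return findings


def payload_kind(data: bytes) -> str:
    """Classify a delivered file by magic bytes, independent of its name or extension."""
    if data.startswith(b"-----BEGIN CERTIFICATE-----"):
        return "pem-certificate"
    if data.startswith(b"MZ"):            # DOS/PE header: a Windows executable
        return "pe-executable"
    if len(data) >= 2 and data[0] == 0x30 and data[1] in (0x82, 0x83):
        return "der-sequence"             # heuristic: long-form SEQUENCE, typical of DER certs
    return "unknown"


def accept_certificate(data: bytes) -> bool:
    """True only when the bytes are a certificate encoding, never for an executable."""
    return payload_kind(data) in ("pem-certificate", "der-sequence")


# Constructed samples
LURE_BODY = (
    "The digital certificate for your Bank of America direct online account has expired. "
    "You need to update the certificate using the updating procedure at "
    "http://example.invalid/update/certificate.exe"
)
BENIGN_BODY = "Your monthly statement is available. Sign in at https://example.invalid/statements"
FAKE_CERT_PAYLOAD = b"MZ\x90\x00" + b"\x00" * 60          # executable named as a certificate
PEM_PAYLOAD = b"-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(classify_message(LURE_BODY))
    print(payload_kind(FAKE_CERT_PAYLOAD), accept_certificate(FAKE_CERT_PAYLOAD))
```

The file check is the one that matters at the endpoint: a real certificate update from a bank arrives as PEM, DER or PKCS#12 and is never a program to run, so a gateway or a user-facing download filter that inspects the leading bytes catches the swap regardless of what the link text or filename claims.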
Note: The DHS only maintains the last ten days of their reports online. To obtain copies of earlier reports or complete summaries, go to: http://dhs-daily-report.blogspot.com/