The DHS Daily Open Source Infrastructure Report covers the publicly reported material for the preceding day(s) not previously covered. This weekly summary provides a selection of those items of greatest significance to the InfoSec professional.
Week Ending: Friday, May 29, 2009
Could it happen here? How will you deal with it?
35. May 21, IDG News Service – (International) DNS attack downs Internet in parts of China. An attack on the servers of a domain registrar in China caused an online video application to cripple Internet access in parts of the country late on May 20. Internet access was affected in five northern and coastal provinces after the DNS (domain name system) attack, which targeted just one company but caused unanswered information requests to flood China’s telecommunications networks, China’s IT ministry said in a statement on its Web site. The incident revealed holes in China’s DNS that are “very strange” for such a big country, said the head of Kaspersky’s Virus Lab in China. Internet access returned to normal late that night, several hours later, according to the government statement. Source: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9133376&taxonomyId=17&intsrc=kc_top
Does your business depend upon mobile devices? If so, you had best keep pace with the following!
38. May 26, National Science Foundation – (National) Viral epidemics poised to go mobile. While computer viruses are common, there have been no major outbreaks of mobile phone viral infection, despite the fact that over 80 percent of Americans now use these devices. A team headed by the director of the Center for Complex Network Research at Northeastern University set out to explain why this is true. The researchers used calling and mobility data from over six million anonymous mobile phone users to create a comprehensive picture of the threat mobile phone viruses pose to users. The results of this study, published in the May 22 issue of Science, indicate that a highly fragmented market share has effectively hindered outbreaks thus far. Further, their work predicts that viruses will pose a serious threat once a single mobile operating system’s market share grows sufficiently large. This event may not be far off, given the 150 percent annual growth rate of smart phones. This study builds upon earlier research by the same group, which used mobile phone data to create a predictive model of human mobility patterns. The current work used this model to simulate Bluetooth virus infection scenarios, finding that Bluetooth viruses will eventually infect all susceptible handsets, but the rate is slow, being limited by human behavioral patterns. This characteristic suggests there should be sufficient time to deploy countermeasures such as antiviral software to prevent major Bluetooth outbreaks. In contrast, the spread of MMS viruses is not restricted by human behavioral patterns; however, the spread of these types of viruses is constrained because the number of susceptible devices is currently much smaller. Source: http://www.usnews.com/articles/science/2009/05/26/viral-epidemics-poised-to-go-mobile.html
Are you prepared for another worm attack?
28. May 25, SiliconRepublic.com – (International) ‘Gumblar’ virus could be bigger than Conficker worm. A new malware virus is on the loose and within days has become accountable for half the malware on the web. It is particularly vicious because it targets Google users. The worm, also known as JSRedir-R, attacks computers through vulnerabilities in Adobe PDF reader and Flash player. By last week, more than half of all malware found on websites was identified as Gumblar, with a new webpage infected every 4.5 seconds. The worm redirects the user’s Google search results to sites that download more malware onto the machine or allow criminals to conduct phishing attacks to steal login details. It has begun to spread on sites where passwords or software have been previously compromised and visitors are infected without realizing it. It is believed the malicious worm draws its code from a webpage based in China. Once cybercriminals are in possession of a victim’s FTP credentials, any sites that the victim manages can also be targeted for compromise — a common malware propagation tactic, said IT security firm ScanSafe. Source: http://www.siliconrepublic.com/news/article/13025/cio/new-worm-to-rival-conficker
And you thought Twitter usage was harmless!
35. May 26, ZDNet – (International) Twitter API ripe for abuse by Web worms. A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as a researcher points out, it is much easier to misuse the Twitter API as a “weak link” to send worms squirming through Twitter. The researcher, well-known for his research work on browser and Web application vulnerabilities, draws attention to the fact that a single vulnerability on any of the third-party services (Twitpic, etc.) that use the API can trigger the next Twitter worm. Source: http://blogs.zdnet.com/security/?p=3451