This Month in the Threat Webscape – June 2010

Jul 30

Month of June

Security conferences are a great way to learn about what's on the cutting edge, germinate and cross-pollinate ideas, and establish real-world relationships within the tight-knit community of white hat hackers. This past month, we presented at both EUSecWest in Amsterdam and SyScan in Singapore.

If you missed us there, not to worry: in just a few weeks we are presenting at Black Hat and DEF CON, both in Las Vegas. Come say hi to us!

Major hits

Every major event and news item is followed very closely by exploiters looking to achieve some profit. It may be the death of a celebrity or a major event such as the FIFA World Cup; the bad guys are always there. With the World Cup still ongoing, we continue to see targeted attacks exploiting known zero-day PDF vulnerabilities, the infamous 419 scam letters, phishing attempts, and of course the more-popular-than-ever Blackhat SEO scareware campaigns.

More than 100k popular Web sites were compromised last month in a mass injection targeting IIS servers running the ASP.NET platform. The attack came from Chinese IP addresses, and the injected iFrame led to a Chinese-hosted domain, http://www.ro[REMOVED]nt.us, serving juicy Mal/Behav-290 malware. The majority of Web sites were cleaned up in a matter of hours.

Apple, Inc. was accused of a data breach resulting in the loss of 100k email addresses and ICC-ID numbers. A few hours later the finger was pointed to the real miscreant. An AT&T designed and secured Web application allowed the Goatse hacker group to match ICC-IDs with email addresses used by iPad users to access their iTunes accounts. Observations? If you are a developer, carefully design and review for security and secure coding practices. If you are a hacker, do not irritate a giant without very good armor.

Web 2 dot uh oh

It seems like everyone on the Web today is trying to figure out how to leverage social networking tools (Facebook, Twitter) for "viral" marketing. Even the bad guys. This month, the baddies used a clever combination of social and technical tricks to increase their own reputation and get over 15,000 people to 'like' them on Facebook. The social-engineering trick started off with a lure (as they all do) to see the "best passport application rejection in history". Behind the scenes, an invisible Facebook 'like' button follows your mouse cursor, guaranteeing that you'll click on the Facebook 'like' button regardless of where you click on the malicious web site. The consequence of clicking the hidden 'like' button is that a link to this web site is posted on your Facebook profile for all your friends to see – and if they too click on it, the cycle repeats itself. 
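The hidden 'like' button described above leaves recognizable markup behind. As an added example (not code from the original article or from Facebook), this Node.js heuristic flags Like-widget iframes that are invisible and either floating or on a page that tracks the mouse; the sample pages, the `follow` handler name and the scoring rule are constructed assumptions, and only inline styles on the iframe itself are inspected.

```javascript
// Added example: static heuristic for likejacking markup (not from the original article).
const LIKE_WIDGET = /facebook\.com\/plugins\/like\.php/i;
const MOUSE_TRACKING = /onmousemove\s*=|addEventListener\(\s*['"]mousemove['"]/i;

// Read one attribute value out of a raw tag string ('' when absent).
function attr(tag, name) {
  const m = tag.match(new RegExp('\\b' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\')', 'i'));
  return m ? (m[1] !== undefined ? m[1] : m[2]) : '';
}

// Turn an inline style string into a lower-cased property map.
function parseStyle(style) {
  const props = {};
  for (const decl of style.split(';')) {
    const i = decl.indexOf(':');
    if (i > 0) props[decl.slice(0, i).trim().toLowerCase()] = decl.slice(i + 1).trim().toLowerCase();
  }
  return props;
}

// Flag Like-button iframes that are invisible yet placed where a click can land on them.
function scanForLikejacking(html) {
  const tracksMouse = MOUSE_TRACKING.test(html);
  const findings = [];
  for (const [tag] of html.matchAll(/<iframe\b[^>]*>/gi)) {
    const src = attr(tag, 'src');
    if (!LIKE_WIDGET.test(src)) continue; // only the Like widget is of interest here
    const css = parseStyle(attr(tag, 'style'));
    const reasons = [];
    // opacity:0 or the legacy IE alpha filter keeps the frame clickable but unseen
    if (parseFloat(css.opacity) < 0.1 || /opacity\s*=\s*0\b/.test(css.filter || '')) reasons.push('invisible');
    if (css.position === 'absolute' || css.position === 'fixed') reasons.push('floating');
    if (tracksMouse) reasons.push('page-tracks-mouse');
    // Invisibility is the core signal; it must be paired with a way to reach the click.
    if (reasons.includes('invisible') && reasons.length > 1) findings.push({ src, reasons });
  }
  return findings;
}

// Constructed sample pages (not captured from the campaign).
const BENIGN_PAGE = '<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.com" style="border:none; width:450px; height:80px"></iframe>';
const LURE_PAGE = '<body onmousemove="follow(event)"><iframe src="http://www.facebook.com/plugins/like.php?href=http%3A%2F%2Flure.example" style="position:absolute; opacity:0; width:50px; height:23px"></iframe></body>';

console.log(scanForLikejacking(BENIGN_PAGE), scanForLikejacking(LURE_PAGE));
```

Styles applied through a stylesheet or a wrapper element are not visible to this string-level check; those cases need the computed style from a rendered DOM.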

In a separate Facebook scam involving the lure 'Teacher nearly killed this boy', a rogue Facebook app requested permission to access the viewer's profile information, and permission to post content on the viewer's Facebook wall. Users who don't pay attention and simply click through to get to the video put their Facebook friends at risk: the rogue app can post something malicious on the viewer's wall, and friends may click on it.

A persistent cross-site scripting (XSS) vulnerability was discovered on Twitter. You may recall a similar incident some time ago, but whereas the previous case involved the application URL, this time around it involves the application name.

ISACA, an international organization that researches IT governance and control, just published a research paper that listed viruses and malware, brand hijacking, and lack of control over corporate content as some of the top risks faced by companies using Web 2.0 social media tools.

Is that any surprise?

Browser & friends

Adobe made a big splash in the security market this month. A new zero-day vulnerability (CVE-2010-1297) was discovered early in the month. A few days later, PDF samples embedded with a SWF file exploiting the vulnerability were found in the wild. The samples spread as an email attachment. Then HTML pages with exploited SWF files arrived, and this more convenient method has been used to attack customers. Details about the zero-day vulnerability can be found here.

In the middle of the month Adobe released a security update for Flash Player that fixes 31 vulnerabilities, including the zero-day vulnerability. At the end of the month Adobe released a security update for Adobe Reader and Acrobat to fix the zero-day vulnerability. You should update your Flash Player and Adobe Reader as soon as possible.

Mozilla released 8 security advisories this month; several critical vulnerabilities were fixed in the recent Firefox update. A new feature called Crash Protection, also known as OOPP (Out Of Process Plug-ins), has been added to Firefox 3.6.4. With this feature, the plug-in process is isolated from the browser process. This makes the browser more stable because a plug-in crash should not affect the browser.

Apple has patched 48 vulnerabilities for Safari and WebKit.

Microsoft

The two big events this month were Microsoft's busy Patch Tuesday, addressing 34 vulnerabilities, and a zero-day POC released by a Google security researcher.

Among the many fixes this month, Microsoft fixed the SharePoint XSS bug from April and a publicly disclosed data leakage vulnerability in Internet Explorer.  Other vulnerabilities affect Windows, Office, Internet Explorer, and the IIS Web server.

Tavis Ormandy, a security researcher at Google, released a zero-day exploit in the Windows Help and Support Center that allows remote code execution.  Tavis posted exploitation details to the Full Disclosure list just a few days after notifying Microsoft of the vulnerability.  Microsoft released and discussed an advisory on the issue, including a workaround to disable the HCP protocol being exploited until a patch is released.

Hello ThreatSeeker. You've got mail!

Delivering Web sites as an attachment via email is a bit like snail-mailing someone a newspaper clipping when you can just send them the URL. As silly and inefficient as that may be, if the method delivers, then it's well worth it. And that's exactly what the malicious hackers did: deliver malicious Web sites as an attachment via email. In this incident, victims were told their computers were infected and that they needed to open the attachment "Virus Scan.html". This resulted in the computer downloading a malicious PDF and Java .jar file.

The bad guys also capitalized on the official launch of the much-anticipated iPhone 4 by delivering scams via email and also posting them on Facebook. The lure enticed users with the chance of receiving a free iPhone 4. (Yes, some offers on the Internet are just too good to be true. Always proceed with caution!)

Other assorted unhealthy snacks served up via email this month included the following themes:

  1. Reset your Twitter password – malicious link to fake AV
  2. FIFA World Cup South Africa… bad news – malware attachment in a "news.html" file
  3. Account verification (yeah, this one's subject line is boring in comparison) – malicious link to malware and exploits
  4. Notice of Underreported Income (masquerading as from the IRS) – malicious link to fake site and malware

 

Security Trends

Joanna Rutkowska, who is known for her work on virtualization security and low-level rootkits, is building a project named Qubes, an open-source OS meant to isolate OS components from one another for better security.

At the SyScan'10 Singapore conference, security researchers from TEHTRI-Security published twelve zero-day flaws targeting five of the most common Web malware exploitation kits, such as the Neon, Eleonore, Liberty, Lucky, and Yes exploitation kits.

In one malicious spam campaign, the malicious HTML file attachment was observed to use the same obfuscation algorithm as a known mass injection attack on the Web.

This month's contributors:

  • Lei Li
  • Ulysses Wang
  • Erik Buchanan
  • Ivan Sabo
  • Jay Liew
