By Kelli Tarala | July 21, 2011
The FBI said July 19 it arrested 14 people thought to belong to the hacking group known as Anonymous for alleged participation in a series of distributed denial-of-service (DDoS) attacks against PayPal in 2010 in retaliation for its perceived opposition to WikiLeaks. The defendants were arrested on no-bail arrest warrants in a series of raids in Alabama, California, Colorado, Washington D.C., Massachusetts, and five other states. All were charged in an indictment unsealed in federal court in San Jose, California, July 19. Two other individuals were arrested on related cybercrime charges. One was arrested in Florida on charges he illegally accessed files from a Tampa Bay InfraGard Web site in 2010, and then publicly posted information telling others how to break into the site. The other indictment, unsealed in federal court in New Jersey, charged a man from Las Cruces, New Mexico, with allegedly stealing roughly 1,000 documents, applications and files containing protected business information from an AT&T server in June 2011, and posting them on a public file-hosting site. The attacks, dubbed “Operation Avenge Assange,” were coordinated by Anonymous using an open-source tool called Low Orbit Ion Cannon that the group made available for public download. The 14 individuals named in the indictment have each been charged with conspiring to cause damage to a protected computer, and intentionally causing damage to a protected computer. The conspiracy charge carries a maximum of 5 years in prison and a $250,000 fine, while the intentional damage charge carries a maximum penalty of 10 years in prison and a $500,000 fine.
Fake banking E-mail targets your wallet, computer
A new spin on an old cybercrime ploy is using a devious fake warning about users’ bank account information to trick them into opening their wallets. Scam e-mails are spreading on the Web claiming to contain an important financial statement, researchers at the security firm BitDefender reported July 15. The supposed important data is located in what looks to be a Microsoft Word attachment called “Financial_Statement(dot)exe,” BitDefender said. (Similar scams use a “Postal_document(dot)exe” attachment.) However, the financial statement attachment has no sensitive information; instead, it has a Trojan that copies itself onto the user’s system. In this case, the rogue attachments attempt to trick users into purchasing anti-virus software they don’t need. “The application floods the screen with lots of warning pop-ups to scare the user into buying a useless disinfection tool,” BitDefender wrote. The offending Trojan also shuts down programs and informs victims that the programs are infected with a virus. BitDefender warns users to never open suspicious e-mail attachments, especially if they come from a bank, as banks will never send unsolicited e-mails about financial data.
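The lure described above relies on an executable being mistaken for a document. The following triage check is an added example (not code from the original report or from BitDefender) of how a mail gateway or an analyst script can flag that pattern before a user opens the attachment: it looks for executable extensions, for a document extension stacked in front of an executable one, and for the Windows PE ("MZ") header inside a file whose name claims to be a document. The file names and byte strings are constructed samples, not real malware.

```python
"""Triage check for e-mail attachments disguised as documents.

Added example, not part of the original report. File names and bytes used
here are constructed samples for illustration only.
"""
import os

# Extensions Windows will run directly; a financial statement should never carry one.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Extensions the lure pretends to be.
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".rtf", ".txt"}


def split_extensions(filename):
    """Return every extension in lower case, e.g. 'a.doc.exe' -> ['.doc', '.exe']."""
    name = filename.lower()
    exts = []
    while True:
        name, ext = os.path.splitext(name)
        if not ext:
            break
        exts.insert(0, ext)
    return exts


def is_pe_executable(data):
    """True if the bytes begin with the DOS 'MZ' stub that every Windows PE file starts with."""
    return len(data) >= 2 and data[:2] == b"MZ"


def triage_attachment(filename, data):
    """Return the list of reasons an attachment is suspicious (empty list means no finding)."""
    reasons = []
    exts = split_extensions(filename)
    final_ext = exts[-1] if exts else ""
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {final_ext}")
    # 'Statement.doc.exe' shows as 'Statement.doc' when Windows hides known extensions.
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTENSIONS and final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append("document extension hides an executable one (double extension)")
    # Catch a renamed executable whose name carries no executable extension at all.
    if is_pe_executable(data) and final_ext not in EXECUTABLE_EXTENSIONS:
        reasons.append("content is a Windows executable despite the file name")
    return reasons


# Constructed sample attachments: name -> first bytes of the payload.
SAMPLE_ATTACHMENTS = {
    "Financial_Statement.exe": b"MZ\x90\x00" + b"\x00" * 60,   # the lure from the report
    "Postal_document.doc.exe": b"MZ\x90\x00" + b"\x00" * 60,   # double-extension variant
    "invoice.pdf": b"MZ\x90\x00" + b"\x00" * 60,               # executable renamed to .pdf
    "Q2_statement.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",      # a real-looking PDF header
}


def triage_all(attachments=SAMPLE_ATTACHMENTS):
    """Triage every attachment and return {name: reasons} for those with findings."""
    return {name: triage_attachment(name, data)
            for name, data in attachments.items()
            if triage_attachment(name, data)}


if __name__ == "__main__":
    for name, reasons in triage_all().items():
        print(f"{name}: {'; '.join(reasons)}")
```

The byte check matters more than the name check: an attachment's extension is attacker-controlled, while the PE header is not, so a gateway should quarantine on either signal rather than trusting the extension alone.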
Oracle patch day closes 78 security holes
Oracle released 78 security patches as part of its July Critical Patch Update. There are 13 fixes for the Oracle Database server, two of which could be remotely exploited by an attacker without authentication. Some of the most critical bugs fixed include holes in Oracle Secure Backup, JRockit, and the Sun SPARC server (Netra T3 and T3 Series). Each product contains vulnerabilities that have a Common Vulnerability Scoring System (CVSS) score of 10.0, the highest possible level of severity. Other vulnerabilities addressed by these updates include holes in, for example, Solaris, Oracle Fusion Middleware, and Oracle Enterprise Manager Grid Control. As several of the vulnerabilities allow an attacker to remotely exploit systems, Oracle recommends system administrators install the patches as soon as possible.
DDoS bot hides as Java update
Antivirus vendor BitDefender warned that a piece of malware designed for DDoS is being distributed as a Java update. “…[I]nvestigation on the file revealed more than meets the eye: a carefully-crafted piece of malware that is extremely viral [...] and can be used as a powerful tool to initiate distributed denial-of-service attacks,” a BitDefender security expert said. Besides being distributed from legitimate compromised sites, the malware, which BitDefender detects as Backdoor.IRCBot.ADEQ, is capable of spreading itself through a variety of methods. These include copying itself to folders shared by default by certain P2P applications, infecting USB drives, copying itself to network shares, and sending itself via Windows Messenger or e-mail. The trojan is designed to uninstall other DDoS bots, including Cerberus, Blackshades, Cybergate, and the OrgeneraL DDoS Bot Cryptosuite, which infect winlogon.exe, csrss.exe, and services.exe. The botmasters can schedule the bot to launch DDoS attacks against particular URLs at particular times, for predefined intervals, and with a specific frequency of requests. Some experts think this capability suggests the bot’s creators might be running a pay-for-DDoS or botnet-for-hire business.
Another cloud outage strikes Microsoft BPOS, Exchange Online
Microsoft Business Productivity Online Suite (BPOS) suffered another outage July 19, adding to its recent streak of cloud outages and issues. The outage put the BPOS Exchange Online e-mail services out of commission for an unknown number of customers for more than 2 hours.
Microsoft research team reports bugs in Facebook, Google Picasa
Microsoft’s Vulnerability Research team disclosed a vulnerability in Google’s Picasa photo editing and sharing application, and a bug in Facebook that could lead to the compromise of a victim’s account. The bug in Picasa could allow an attacker to gain complete control of a user’s machine if he/she could entice the victim into downloading a malicious JPEG file. The vulnerability in Facebook involves a problem with the way the site implemented its protection against clickjacking attacks. An attacker could use the vulnerability to gain full access to a victim’s account. Facebook has since fixed the problem.
Wireshark updates fix security vulnerabilities
Wireshark developers announced the release of versions 1.6.1 and 1.4.8 of their open source, cross-platform network protocol analyzer. The developers said these maintenance and security updates address multiple vulnerabilities that could cause Wireshark to crash “by injecting a series of malformed packets onto the wire or by convincing someone to read a malformed packet trace file.” These include problems related to the Lucent/Ascend file parser and the ANSI MAP dissector, both of which were susceptible to an infinite loop bug. Wireshark 1.4.0 to 1.4.7 and 1.6.0 are said to be affected. A number of bugs in both versions were also fixed.
Read the Full DHS Infrastructure Report:
* Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.