
Sesame Street hacked, porn posted: DHS Open Source Report Oct. 18th

By Kelli Tarala | October 19, 2011

The Sesame Street channel on YouTube, a popular stop on the Internet for preschool children, was attacked by a hacker October 16 who deleted all videos from the channel, modified its design, and posted graphic porn to it. It took Google about 22 minutes to take down the offensive content, according to The Next Web. Meanwhile, the Sesame Street Workshop, which produces the kids’ show, alerted its audience to the mishap. In addition to having its channel vandalized, Sesame Street’s YouTube profile was altered. Its name was changed to Mredxwx and a message naming two users, Mredxwxw and Mrsuicider91, as taking credit for the attack was posted. YouTube user Mredxwx denies he had anything to do with the attack. At Mrsuicider’s channel site, there’s no mention of the hack.

Full Story:
http://www.pcworld.com/article/242009/sesame_street_hacked_porn_posted.html

Japanese defence cyberattack traced to hacked PC
The worrying cyberattack on Japanese defense contractors in August was probably the work of a single attacker looking to steal industrial secrets, local newspapers reported. Japanese police traced the point of attack to a PC based in the Society of Japanese Aerospace Companies (SJAC), from which an e-mail containing malware was sent August 26 to the target companies, Mitsubishi Heavy (MHI) and Kawasaki Heavy, claiming to be a legitimate communication from one of its employees. An online assault on defense contractors including MHI, which builds F-15 fighter jets and other American-designed weapons for Japan’s Self-Defense Forces, began in August but came to light the week of September 19. The attack reproduced an e-mail from a worker sent to the same recipient only hours earlier. Police still maintain no significant data was lost during the attacks, although one of the two firms, MHI, admitted some weeks ago that 83 of its PCs and servers had been infected by the malware. The perpetrator and his or her motivation have not yet been uncovered, but the site of the attack inside the SJAC raises the possibility that the motivation could have been local rather than foreign. The attacker appears to have tried to obscure the origin of the attacks by reaching out via a proxy server based in the United States.

Full Story:
http://news.techworld.com/security/3311312/japanese-defence-cyberattack-traced-to-hacked-pc/

Citizens Bank swamped by computer outage
Citizens Bank, one of the largest regional banks in the country, was hobbled for hours October 13 by a major computer outage that disrupted everything from online banking to teller operations to automatic teller machines in Massachusetts and other states. Citizens Bank blamed the outage, which began early October 13, on a “technical glitch,” but offered few details. Many customers couldn’t withdraw money from their ATMs, access accounts online, or make deposits at branches. The bank said the problems were mostly resolved by 4 p.m., except for some lingering problems with the Web site. The bank said some customers were still having trouble checking accounts because of a surge of people trying to sign in at once.

Full Story:
http://www.boston.com/Boston/businessupdates/2011/10/citizens-bank-swamped-computer-outage/kut1zy9OPYHyTjqPHYoxuL/index.html

Analysis of 250,000 hacker conversations
Imperva released a report October 17 analyzing the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant. The forum is used by hackers for training, communications, collaboration, recruitment, commerce, and social interaction. Commercially, it serves as a marketplace for stolen data and attack software. The chat rooms are filled with technical subjects ranging from advice on attack planning to solicitations for help with specific campaigns. The forum is also a place where curious neophytes can find “how-to-hack” tutorials. The report not only provides insight into hacker psychology, but also details the technical strategies they learn, develop, and deploy. “Studying hacker forums is important to providing insights into hacker psychology and technical strategies,” explained Imperva’s chief technology officer.

Full Story:
http://www.net-security.org/secworld.php?id=11794&utm_source=feedburner&utm_medium=

Mass ASP.NET attack causes websites to turn on visitors
An infection that causes poorly configured Web sites to silently bombard visitors with malware attacks had hit almost 614,000 Web pages October 14, Google searches showed. The mass infection, which redirects users to a site exploiting old versions of Oracle’s Java, Adobe’s Flash player, and various browsers, was first disclosed by researchers from Armorize October 12. At the time, it appeared to affect about 180,000 pages. By time of writing October 14, the initial attack and a follow-on exploit spread to 613,890 combined pages. The SQL injection attack mostly exploits Web sites running Microsoft’s ASP.Net web application framework. The infection injects code into Web sites operated by restaurants, hospitals, and other small businesses, and plants an invisible link in visitors’ browsers to sites, including jjghui.com and nbnjkl.com. Those sites redirect to many other Web sites that include highly obfuscated code. At the end of the line is a cocktail of attacks that exploit known vulnerabilities in Java and the other targeted programs. Computers running unpatched versions are then commandeered. Servers in the attack used IP addresses based in the United States and Russia. When Armorize researchers submitted the code used in the attack October 12, just six of the top 43 antivirus providers detected the attack, according to a VirusTotal analysis.

Full Story:
http://www.theregister.co.uk/2011/10/14/mass_website_inection_grows/
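
A site operator can check rendered pages for this kind of injected reference. The audit below is an added example, not code from the report or from Armorize: it lists every script or iframe source that points off-site and marks the two domains named above. The sample page, its paths, and the host name www.example-restaurant.test are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Redirect domains named in the report above.
REPORTED_DOMAINS = {"jjghui.com", "nbnjkl.com"}

class ExternalRefAuditor(HTMLParser):
    """Collect <script>/<iframe> sources that point at a foreign host."""

    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts = {h.lower() for h in own_hosts}
        self.findings = []  # (tag, host, verdict)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        src = dict(attrs).get("src")
        if not src:
            return  # inline script or frame without a source
        host = (urlparse(src.strip()).hostname or "").lower()
        if not host or host in self.own_hosts:
            return  # relative or first-party reference
        known = any(host == d or host.endswith("." + d)
                    for d in REPORTED_DOMAINS)
        self.findings.append((tag, host, "reported" if known else "unlisted"))

def audit_page(html, own_hosts):
    """Return the off-site script/iframe references found in html."""
    auditor = ExternalRefAuditor(own_hosts)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: a page whose database-backed text field had a
# script tag appended, plus a zero-sized frame.
SAMPLE_PAGE = """
<html><head><script src="/js/menu.js"></script>
<script src="https://cdn.example.net/lib.js"></script></head>
<body><h1>Daily specials</h1>
<p>Soup of the day<script src=http://jjghui.com/x.js></script></p>
<iframe src="//www.nbnjkl.com/r.php" width="0" height="0"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_PAGE, {"www.example-restaurant.test"}):
        print(finding)
```

"Unlisted" hosts are not necessarily hostile; they are the references to compare against the list of third parties the site is known to use.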

DLL loading pops back into the malware picture
Commtouch reported October 14 a new DLL hijacking technique has been spotted in the wild, even though the use of DLL loading has been falling by the wayside in recent times. According to a security researcher with the anti-spam and zero-day remediation specialist, it has been a year since he and his team have seen a DLL (dynamic-link library) hijacking technique that loads a malicious DLL that affects hundreds of programs. The method involves dropping a collection of normal files together with the malicious DLL from within a directory. The most interesting aspect of this latest Deskpan hack, he says, is only the file “deskpan.dll” was detected as malicious, although, he adds, a DLL file inside a folder immediately looks like a DLL hijacking candidate. The researcher said Deskpan.cpl is the Display Panning CPL Extension, a module related to the display settings of pictures that appear on a user’s screen. Together with associated DLLs, this extension allows users to adjust the advanced display adapter properties, and display monitor properties. Once executed, the malware creates files and registry entries. The malware then tries to connect to a remote site using port 443.

Full Story:
http://www.infosecurity-magazine.com/view/21385/dll-loading-pops-back-into-the-malware-picture/
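
The researcher's remark that a DLL sitting beside ordinary files "looks like a DLL hijacking candidate" can be turned into a triage check. The sketch below is an added example, not Commtouch's tooling: it flags any DLL outside a trusted system directory whose name collides with a DLL inside it, and reports whether the contents differ. The directory layout and file contents in demo() are constructed, and the presence of a legitimate deskpan.dll in the trusted directory is an assumption of the demo.

```python
import hashlib
import os
import tempfile

def sha256(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def index_system_dlls(system_dir):
    """Map lowercase DLL name -> hash for the trusted directory."""
    return {n.lower(): sha256(os.path.join(system_dir, n))
            for n in os.listdir(system_dir) if n.lower().endswith(".dll")}

def find_shadowing_dlls(scan_root, system_dir):
    """List DLLs under scan_root that reuse a trusted DLL's name."""
    baseline = index_system_dlls(system_dir)
    trusted = os.path.realpath(system_dir)
    hits = []
    for folder, _dirs, files in os.walk(scan_root):
        if os.path.realpath(folder) == trusted:
            continue  # the legitimate copies live here
        for name in files:
            key = name.lower()  # Windows file names are case-insensitive
            if key in baseline:
                path = os.path.join(folder, name)
                verdict = "copy" if sha256(path) == baseline[key] else "differs"
                hits.append((os.path.relpath(path, scan_root), verdict))
    return sorted(hits)

def demo():
    """Build a constructed layout: trusted DLLs plus a dropped bundle."""
    with tempfile.TemporaryDirectory() as root:
        system_dir = os.path.join(root, "System32")
        bundle = os.path.join(root, "Users", "Public", "pictures_bundle")
        os.makedirs(system_dir)
        os.makedirs(bundle)
        layout = {
            os.path.join(system_dir, "deskpan.dll"): b"trusted build",
            os.path.join(system_dir, "kernel32.dll"): b"trusted kernel32",
            os.path.join(bundle, "photo1.jpg"): b"ordinary file",
            os.path.join(bundle, "viewer.exe"): b"ordinary program",
            os.path.join(bundle, "deskpan.dll"): b"different bytes",
        }
        for path, data in layout.items():
            with open(path, "wb") as f:
                f.write(data)
        return find_shadowing_dlls(root, system_dir)

if __name__ == "__main__":
    print(demo())
```

A "copy" verdict still deserves a look, since applications sometimes ship private copies of system DLLs; "differs" is the case to prioritize.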

Read the Full Daily Open Source Infrastructure Report:
www.enclavesecurity.com/blogresources/cdr_101811.pdf

Security Disclaimer
Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.
