By Kelli Tarala | May 21, 2012
ZTE, the world’s fourth-largest handset vendor and one of two Chinese companies under U.S. scrutiny over security concerns, said one of its mobile phone models sold in the United States contains a vulnerability researchers said could allow others to control the device. The hole affects ZTE’s Score model that runs on Google’s Android operating system. The hole, or backdoor, allows anyone with the hardwired password to access the affected phone, a researcher for cybersecurity firm CrowdStrike said. ZTE and Chinese telecommunications equipment manufacturer Huawei Technologies were stymied in their attempts to expand in the United States over concerns they are linked to the Chinese government, though both companies denied this. Most concerns centered on the fear of backdoors or other security vulnerabilities in telecommunications infrastructure equipment rather than in consumer devices. Reports of the ZTE vulnerability first surfaced the week of May 14 in an anonymous posting on a code-sharing Web site. Since then, others alleged different ZTE models, including the Skate, also contain the vulnerability. The password is readily available online. ZTE said it confirmed the vulnerability on the Score phone, but denied it affected other models. The CrowdStrike researcher said his team analyzed the vulnerability and found the backdoor was deliberate because it was being used as a way for ZTE to update the phone’s software. It is a question, he said, of whether the purpose was malicious or just sloppy programming. While security researchers highlighted security holes in Android and other mobile operating systems, it is rare to find a vulnerability apparently inserted by the hardware manufacturer.
Spam with malicious attachments rising
While the volume of spam messages is falling, the number of messages containing malicious attachments increased, meaning spam is growing more dangerous even as it becomes less prevalent, according to a Bitdefender study. The number of malicious attachments in January 2012 rose 4 percent from the same period in 2011, even as the overall number of spam messages sent dropped by more than 16 percent in the first quarter of 2012 from the last quarter of 2011, Bitdefender research shows. Of the 264.6 billion spam messages sent daily, 1.14 percent carry attachments, about 300 million of which are malicious. After increasing in January, the growth of malicious attachments leveled off amid an apparent pause in spam campaigns, even though spam continued to fall overall. Attachments may come in the form of phishing forms that trick users into typing in credit card credentials for scammers to use whenever they want. Or, they may pack malware such as trojans, worms, and viruses that can eventually cause trouble for users.
British hackers get jail terms
Two separate cases in the United Kingdom saw hackers receive jail terms of 12 and 18 months. In one case, a British man from West Sussex pleaded guilty to hacking into a U.S. citizen’s Facebook account and gaining access to that person’s e-mail account in January 2011. The Metropolitan Police Service’s Police Central e-Crime Unit was informed of the breach via the FBI and arrested the man in July 2011 under the Computer Misuse Act. In the other case, a hacker was found using a Call of Duty “patch,” which was in fact a trojan carrying a keylogger and other malware. The hacker is said to have acquired users’ credentials and sold them for $1 to $5 on an online market; the proceeds were transferred to a Costa Rica-based account. However, his online activities were not detected until after he was caught attempting to burgle Walmer Science College in Deal in March 2012.
Spammers promote fake luxury goods on hijacked Joomla and WordPress sites
Security experts found many compromised WordPress and Joomla Web sites used by spammers to advertise sketchy diet pills and counterfeit luxury goods. The owners of these sites are most likely unaware of what is going on. Web masters often fail to check their sites’ subdirectories for signs of malicious files and Web pages, thus allowing cybercriminals to use the domain’s reputation to host their scams, Unmask Parasites reported. Attackers often brute-force administrator passwords to gain access to a site’s back end. Once the criminals gain access, they inject a Web shell into an existing plugin by utilizing the Theme Editor. The shell is leveraged to create a subfolder to which a WordPress installation package is uploaded. After obtaining the MySQL credentials from the wp-config.php or configuration.php files, depending on whether the site is Joomla or WordPress-based, the attacker is able to install their own theme and make a fully operational Web site. These sites represent “doorways” that point unsuspecting visitors to malicious domains. Experts discovered around 3,000 compromised Web sites that stored such doorway blogs. Reportedly, some of the blogs that advertise slimming and luxury goods were created in March 2012, but there were a few created 1 year ago. The hijacked sites also host phishing pages that try to trick users into disclosing online banking credentials and other sensitive data.
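The compromise described above leaves two traces a site owner can look for: a second CMS install (a wp-config.php or configuration.php) sitting in a subfolder below the real site, and plugin files carrying web-shell code. The following is an added defender-side example, not code from this report or from Unmask Parasites; the sample webroot, the plugin name, and the shell patterns it matches are constructed here for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

# Constructed sample webroot (hypothetical): a legitimate top-level install,
# a tampered plugin file, and a rogue "doorway" WordPress copy under cache/blog.
SAMPLE_FILES = {
    "wp-config.php": "<?php define('DB_NAME', 'shop'); define('DB_PASSWORD', 'x'); ?>",
    "wp-content/plugins/example-plugin/example-plugin.php":
        "<?php /* legitimate plugin code */ function example_init() {} ?>",
    "wp-content/plugins/example-plugin/class.loader.php":
        "<?php eval(base64_decode($_POST['c'])); ?>",  # classic web-shell one-liner
    "wp-content/uploads/2012/05/photo.jpg": "not php",
    "cache/blog/wp-config.php": "<?php define('DB_NAME', 'shop'); ?>",  # doorway install
    "cache/blog/index.php": "<?php require 'wp-load.php'; ?>",
}

# Config files that mark a WordPress or Joomla install.
CONFIG_NAMES = {"wp-config.php", "configuration.php"}

# Common web-shell idioms: code that evaluates or executes attacker-supplied input.
SHELL_PATTERNS = {
    "eval_base64": re.compile(r"eval\s*\(\s*base64_decode\s*\("),
    "eval_request": re.compile(r"eval\s*\(\s*\$_(?:POST|GET|REQUEST)\b"),
    "exec_request": re.compile(
        r"(?:system|passthru|shell_exec|exec)\s*\(\s*\$_(?:POST|GET|REQUEST)\b"
    ),
}


def build_sample_webroot():
    """Write the constructed sample tree to a temp directory and return its path."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    for rel, content in SAMPLE_FILES.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)
    return root


def find_nested_installs(root):
    """Return CMS config files found below the top-level install (doorway candidates)."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in CONFIG_NAMES:
                rel = Path(dirpath, name).relative_to(root)
                if len(rel.parts) > 1:  # the site's own config lives directly in the webroot
                    hits.append(rel.as_posix())
    return sorted(hits)


def find_shell_patterns(root):
    """Return (file, pattern-name) pairs for PHP files matching a web-shell idiom."""
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".php"):
                continue
            path = Path(dirpath, name)
            text = path.read_text(errors="replace")
            for label, pattern in SHELL_PATTERNS.items():
                if pattern.search(text):
                    hits.append((path.relative_to(root).as_posix(), label))
    return sorted(hits)


def scan(root):
    """Run both checks over a webroot and return the findings."""
    return {
        "nested_installs": find_nested_installs(root),
        "shell_patterns": find_shell_patterns(root),
    }


if __name__ == "__main__":
    webroot = build_sample_webroot()
    for category, findings in scan(webroot).items():
        print(category)
        for finding in findings:
            print("  ", finding)
```

Run it against a real document root instead of the constructed tree by calling scan("/var/www/example") and reviewing every hit by hand; a nested wp-config.php is not always malicious (a staging copy is the usual benign case), but one under a cache or uploads folder is exactly the doorway layout described above. Since the attack relies on editing plugin files through the Theme Editor, adding define('DISALLOW_FILE_EDIT', true); to wp-config.php, which disables WordPress's built-in file editors, removes that step for an attacker who has only obtained an admin password.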
NCC Group maps source of global hack attempts during Q1
Using data collected from DShield, the NCC Group mapped out its latest report on the origin of computer hacking attempts for the first quarter of 2012. NCC noted the top 10 changed significantly since its previous report 3 months ago. Italy, France, and India dropped off the top 10 list, while Ukraine in fifth, South Korea in ninth, and the United Kingdom made the list. Russia showed a large increase, with more than 12 percent of global hacks originating from the country, putting it in third place, behind the United States and China. There was also a rise in hacks appearing to originate from the Netherlands, up from 3.1 percent to over 11 percent, moving it into fourth place in the hacking chart.
Global Payments breach reportedly worse than expected
The security breach at credit card processing company Global Payments extends back further than was previously believed, H Security reported May 18. According to BankInfoSecurity, the incident is now thought to go back as far as January 2011 — it was originally believed to have taken place between January 21 and February 25, 2012, but was later dated to early June 2011. While initial reports of the breach suggested more than 10 million accounts were compromised, Global Payments later said fewer than 1.5 million card numbers were taken.
Disclaimer: The above information largely has been reproduced from the DHS Open Source Daily Report, a full version of which can be found at http://www.dhs.gov/files/programs/editorial_0542.shtm. Enclave Security, LLC and its agents used their best efforts in collecting and preparing the information published herein. However, Enclave Security, LLC, does not assume, and hereby disclaims, any and all liability for any loss or damage caused by errors or omissions, whether such errors or omissions resulted from negligence, accident, or other causes.