Monday, May 21, 2012

Ads on Wikipedia Can Point to Malware Infection

Every now and then, Wikipedia's popularity and brand are misused by malware peddlers, typosquatters and scammers.

But the fact that the Wikipedia project is funded by donations and the site never displays ads also makes it a good litmus test: an advertisement on a Wikipedia page was not served by Wikipedia, so something between the server and the user's screen inserted it, and that something is often malware.

"If you’re seeing advertisements for a for-profit industry or anything but our fundraiser, then your web browser has likely been infected with malware," Wikipedia's Director of Community Advocacy Philippe Beaudette pointed out in a recent blog post.

This usually happens when the user has inadvertently installed an ad-injecting browser extension, which rewrites pages after the browser has already received them.

"Ads injected in this manner may be confined to some sites, even just to Wikipedia, or they may show up on all sites you visit," he says. "Browsing through a secure (HTTPS) connection may cause the ads to disappear, but will not fix the underlying problem."

One must disable the extension in question, but even after doing so, other malware could still be hiding on the computer, so a malware scan is in order.

Beaudette points out that ads on Wikipedia can have one final source, one that might not be malicious but is still annoying: the user's Internet provider, which injects them into web pages for profit. Unlike an extension, a provider can only rewrite plaintext HTTP traffic, so ads that vanish when the page is loaded over HTTPS point to injection on the network, while ads that survive HTTPS point to something on the machine itself.
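A practical way to run Beaudette's HTTPS test, as an added example that is not part of the original post: fetch the same page once over HTTP and once over HTTPS and diff the resources each copy loads. The HTML below is constructed by hand, the host ads.example.net is a placeholder, and the allowed-domain list is an assumption about where Wikipedia pages legitimately load content from.

```python
"""Added example: spot ad injection by comparing two fetches of one page.

The HTML below is constructed by hand; in practice you would fetch the
same Wikipedia URL once over http:// and once over https:// and pass the
two bodies in. Hosts under example.net are placeholders."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed list of domains Wikipedia pages legitimately load resources from.
ALLOWED_SUFFIXES = ("wikipedia.org", "wikimedia.org")


class _ResourceCollector(HTMLParser):
    """Collects (tag, url) for elements that pull in remote content."""
    WATCHED = {"script": "src", "iframe": "src", "img": "src", "link": "href"}

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        wanted = self.WATCHED.get(tag)
        if wanted is None:
            return
        for name, value in attrs:
            if name == wanted and value:
                self.resources.append((tag, value))


def _collect(html):
    collector = _ResourceCollector()
    collector.feed(html)
    return collector.resources


def _allowed(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def foreign_resources(html, suffixes=ALLOWED_SUFFIXES):
    """Resources whose host is outside the site's own domains.
    Relative URLs have no host and are treated as same-origin.
    Catches injection by an extension as well as by the network."""
    found = []
    for tag, url in _collect(html):
        host = urlparse(url).hostname
        if host and not _allowed(host.lower(), suffixes):
            found.append((tag, url))
    return found


def injected_over_http(http_html, https_html):
    """Resources present in the HTTP copy but missing from the HTTPS copy.
    An intermediary such as an ISP can rewrite plaintext HTTP but not TLS,
    so its additions show up here; an extension rewrites both copies."""
    https_set = set(_collect(https_html))
    return [r for r in _collect(http_html) if r not in https_set]


# Constructed page as Wikipedia would serve it (trimmed to the essentials).
HTTPS_PAGE = """<html><head>
<link rel="stylesheet" href="//en.wikipedia.org/w/load.php?modules=site">
<script src="//en.wikipedia.org/w/load.php?modules=startup"></script>
</head><body>
<img src="//upload.wikimedia.org/wikipedia/commons/a/a1/Example.png">
<a href="/wiki/Main_Page">Main Page</a>
</body></html>"""

# The same page with two elements an injecting intermediary might add.
HTTP_PAGE = HTTPS_PAGE.replace(
    "</body>",
    '<script src="http://ads.example.net/inject.js"></script>\n'
    '<iframe src="http://ads.example.net/banner?id=7"></iframe>\n</body>',
)

if __name__ == "__main__":
    for tag, url in injected_over_http(HTTP_PAGE, HTTPS_PAGE):
        print(f"injected over HTTP only: <{tag}> {url}")
    for tag, url in foreign_resources(HTTP_PAGE):
        print(f"third-party resource:    <{tag}> {url}")
```

Anything that appears only in the HTTP copy was added in transit, which is the provider case; a resource outside the allowed domains that appears in both copies was added on the client, which points at an extension. Neither check replaces the malware scan.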

Flashback Botmasters Earned Less Than $15K

Symantec researchers initially calculated that a botnet of that size could bring in up to $10,000 per day for its masters, because the malware's ad-clicking component intercepted browser requests, watched for search queries made on Google and redirected the user to a page of the attacker's choosing, so that the attackers, rather than Google, were paid for the ad click.

Alas for the botmasters, not everything went as planned: they managed to install the ad-clicking component on only some 10,000 of the 600,000+ infected machines, because security researchers reacted quickly and took down most of their C&C servers.

 "From our analysis we have seen that, for a three-week period starting in April, the botnet displayed over 10 million ads on compromised computers but only a small percentage of users who were shown ads actually clicked them, with close to 400,000 ads being clicked. These numbers earned the attackers $14,000 in these three weeks, although it is worth mentioning that earning the money is only one part of the puzzle—actually collecting that money is another, often more difficult, job," shared Symantec.



Sunday, May 20, 2012

Worm Targets Facebook Users Via PMs


A worm posing as a JPG image has reportedly been spotted propagating on Facebook and through various IM applications. "We recently received reports about private messages found on Facebook and distributing a link, which is a shortened URL pointing to an archive file May09-Picture18.JPG_www.facebook.com.zip," Trend Micro researchers warn. "This archive contains a malicious file named May09-Picture18.JPG_www.facebook.com and uses the extension .COM." The name is a double-extension disguise: .COM is an executable format on Windows, and everything before it exists so that a file listing shows what looks like a JPEG with a Facebook address.

Once the file is run and the worm has gained a foothold on the system, it first tries to find and disable antivirus software in order to avoid detection. It then contacts a number of websites and downloads a second worm from them.
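A scanner rule for the double-extension disguise described above, as an added example that is not taken from the Trend Micro report. The archive is built in memory and its member contents are placeholder bytes; the reported file name is reused verbatim, and the other member names are made up for the demonstration.

```python
"""Added example: flag deceptively named executables inside a zip archive.

The archive is constructed in memory; member bodies are inert placeholder
bytes, not programs. The file name from the Trend Micro report is reused
verbatim; the other names are made up."""
import io
import zipfile

EXECUTABLE_EXT = (".com", ".exe", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".jar")
DECOY_EXT = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt")
DOMAIN_TAILS = (".com", ".net", ".org", ".info")

# Constructed name: a decoy document extension followed by padding.
PADDED_NAME = "report.pdf" + " " * 24 + ".exe"


def deceptive_name(member):
    """Return a reason string when `member` is an executable dressed up as
    something else, or None. A plain 'setup.exe' is not deceptive (you may
    still want to block it, but that is a different rule)."""
    name = member.rsplit("/", 1)[-1].lower()      # zip member paths use '/'
    stem, dot, ext = name.rpartition(".")
    if not dot or "." + ext not in EXECUTABLE_EXT:
        return None
    reasons = []
    for decoy in DECOY_EXT:
        if decoy in stem:
            reasons.append(f"decoy extension {decoy} in the middle of the name")
            break
    if "www." in stem or stem.endswith(DOMAIN_TAILS):
        reasons.append("the name is made to look like a web address")
    if "  " in stem:
        reasons.append("whitespace padding pushes the real extension out of view")
    return "; ".join(reasons) if reasons else None


def scan_zip(data):
    """Map each suspicious member of an in-memory zip to the reason it was flagged."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            reason = deceptive_name(member)
            if reason:
                flagged[member] = reason
    return flagged


def build_sample_zip():
    """Constructed archive mimicking the reported one, plus some controls."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("May09-Picture18.JPG_www.facebook.com.COM", b"placeholder")
        zf.writestr("holiday.jpg", b"\xff\xd8\xff")   # JPEG header, harmless
        zf.writestr(PADDED_NAME, b"placeholder")
        zf.writestr("setup.exe", b"placeholder")      # executable, but honest about it
    return buf.getvalue()


if __name__ == "__main__":
    for member, reason in scan_zip(build_sample_zip()).items():
        print(f"{member!r}: {reason}")
```

The rule keys on the last extension only, which is what the operating system will actually execute; everything the attacker put in front of it is treated as evidence of intent rather than as the file type.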

Zeus Exploits Users of Facebook, Gmail, Hotmail and Yahoo!

Trusteer discovered a series of attacks carried out by a peer-to-peer (P2P) variant of the Zeus platform against users of Facebook, Google Mail, Hotmail and Yahoo!, using lures that offer rebates and new security measures.

The scams exploit the trust relationship between users and these well-known service providers, as well as the Visa and MasterCard brands, to steal users’ debit card data.

In the first attack, against Facebook, the malware uses a web inject (a man-in-the-browser modification of the page after the legitimate site has served it, so the address bar and the HTTPS indicator still look right) to present the victim with a fraudulent 20% cash-back offer for linking their Visa or MasterCard debit card to their Facebook account.




Saturday, May 19, 2012

Cyber Security Still Takes A Backseat For Major Companies

As cyber threats continue to plague major companies, senior management has yet to give the problem the attention it deserves, a recent study finds.

Although the firms surveyed are some of the most distinguished enterprises in the world and obvious targets for cyber attacks, the report indicates that their top-level management still neglects proper governance of the "security of their digital assets."




Wireless Tech Makes Health Care Security a 'Major Concern'

The use of wireless technology in the latest medical devices found in hospitals, health clinics and doctor offices has become a major concern of the U.S. Department of Homeland Security (DHS).

In a bulletin issued this month, the DHS warned that while new technology brings efficiency, lower cost and better patient care, it also carries security risks that the multi-trillion-dollar healthcare industry may not be prepared to tackle.

"The communications security of medical devices to protect against theft of medical information and malicious intrusion is now becoming a major concern," the report, entitled "Attack Surface: Healthcare and Public Health Sector," said.




White House’s Cyber Security Official Retiring

The White House's cybersecurity coordinator said Thursday that he is stepping down at the end of this month after a two-and-a-half-year tenure in which the administration has increased its focus on cyber issues but struggled to reach agreement with lawmakers on the best way to protect the nation's key computer networks from attack.

Howard Schmidt, who oversaw the creation of the White House's first legislative proposal on cybersecurity, said he is retiring to spend more time with his family and to pursue teaching in the cyber field.


Friday, May 18, 2012

Pre-Boxed Crap

The computer security problems in our country can be easily repaired and monitored. The problem is there are no industry standards for the software we are putting out there, and no one is being held accountable; even the automotive industry is finally being held to several safety standards to protect the customers who purchased their vehicles. The way I look at it, we are again "closing the barn door after the horse ran away". It costs companies, corporations and individuals mega bucks to fix the software problems after a security incident has happened. Now what would be wrong with security testing the product before it leaves the building??? hmmmm...
...BUTCH


There is a gap today in requirements. We can quite easily build security into in-house and offshore-developed applications by writing well-known security requirements into the specification.

For example:
  1. We can require that developers not keep integral state data (prices, roles, account identifiers) on the client, to defend against parameter manipulation.
  2. We can require that session IDs are only ever sent over SSL/TLS (for cookies, the Secure flag enforces this).
  3. We can both require and check for these things before an app is deployed, so that the only things left for crash testing (penetration testing after the fact) are mistakes that slipped through the cracks, complex domain-specific security flaws, and novel security issues that have not been defined yet.

We as an industry have spoken at great length about security in the SDLC but have paid only marginal attention to secure requirements. It is time to move on from crash testing.
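Requirements 1 and 2 from the list above, written as code that a pre-deployment test can exercise. This is an added example, not the post author's; the shop, the catalog, the cookie name sid and the handler names are hypothetical, and the checks are general.

```python
"""Added example: requirements 1 and 2 as testable code. The shop, catalog
and handlers are hypothetical; the checks themselves are general."""
from http import cookies

# Authoritative prices live on the server, never in the request.
CATALOG = {"sku-100": 49.00, "sku-200": 9.50}


def checkout_vulnerable(params):
    """Anti-pattern: the order total and the user's role arrive from the
    client (hidden form fields), so a tampered request pays what it likes."""
    total = float(params["total"])
    if params.get("role") == "admin":
        total = 0.0
    return {"charged": round(total, 2)}


def checkout_hardened(params, session):
    """Requirement 1: the client sends only item identifiers and quantities;
    price and role are resolved from server-side state."""
    total = 0.0
    for sku, qty in params.get("items", []):
        if sku not in CATALOG:
            raise ValueError(f"unknown item {sku!r}")
        qty = int(qty)
        if qty <= 0:
            raise ValueError("quantity must be positive")
        total += CATALOG[sku] * qty
    if session.get("role") == "admin":       # role comes from the server session
        total = 0.0
    return {"charged": round(total, 2)}


def session_cookie(session_id):
    """Requirement 2: the session id travels only over SSL/TLS (Secure) and is
    invisible to page scripts (HttpOnly). Returns the Set-Cookie value."""
    jar = cookies.SimpleCookie()
    jar["sid"] = session_id
    jar["sid"]["secure"] = True
    jar["sid"]["httponly"] = True
    jar["sid"]["path"] = "/"
    jar["sid"]["samesite"] = "Strict"
    return jar["sid"].OutputString()


def missing_cookie_flags(set_cookie_value):
    """Pre-deployment check: which required flags does the header lack?"""
    attrs = {part.strip().split("=", 1)[0].lower()
             for part in set_cookie_value.split(";")[1:]}
    return [flag for flag in ("secure", "httponly") if flag not in attrs]


if __name__ == "__main__":
    tampered = {"total": "0.01", "role": "admin",
                "items": [("sku-100", 2), ("sku-200", 1)]}
    print("vulnerable charges:", checkout_vulnerable(tampered)["charged"])
    print("hardened charges:  ", checkout_hardened(tampered, {"user": "bob"})["charged"])
    print("cookie:", session_cookie("abc123"),
          "| missing:", missing_cookie_flags(session_cookie("abc123")))
```

The point of the second half is that the requirement becomes a unit test: if a developer drops the Secure flag, the build fails before a crash tester ever sees the application.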

Thursday, May 17, 2012

Ninety Percent of HTTPS Websites Insecure

Recently the most popular websites that rely on secure online transactions (online stores, banks, communication sites, etc.) were tested for the quality of their SSL configuration, and most did not fare very well.

Of the approximately 200,000 HTTPS (SSL-encrypted) websites tested, only about 10% are properly secured, according to the Trustworthy Internet Movement (TIM).

About 75% of the sites are also still vulnerable to the BEAST attack, which targets CBC-mode cipher suites negotiated under SSL 3.0 or TLS 1.0, where the IV for each record is the previous record's last ciphertext block and is therefore predictable to an attacker.
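A check for the BEAST condition over a server's offered protocol and cipher combinations, as an added example that is not part of the TIM study or this post. The scan list is constructed, the suite names follow OpenSSL conventions, and the scanner that would produce such a list is assumed.

```python
"""Added example: decide which of a server's negotiable protocol/cipher
combinations are exposed to BEAST. The scan results below are constructed;
suite names follow OpenSSL's naming."""

AEAD_MARKERS = ("GCM", "CCM", "CHACHA20")
BLOCK_CIPHERS = ("AES", "DES", "CAMELLIA", "SEED", "IDEA")
PRE_TLS11 = ("SSLv2", "SSLv3", "TLSv1", "TLSv1.0")


def is_cbc_suite(suite):
    """True for block-cipher suites in CBC mode. OpenSSL names omit 'CBC'
    for AES and Camellia, so CBC is detected by elimination."""
    s = suite.upper()
    if any(marker in s for marker in AEAD_MARKERS):
        return False                     # authenticated modes, not CBC
    if "RC4" in s or "NULL" in s:
        return False                     # stream cipher or no encryption
    return any(cipher in s for cipher in BLOCK_CIPHERS)


def beast_exposed(protocol, suite):
    """BEAST needs a CBC suite under SSL 3.0 or TLS 1.0, where each record's
    IV is the previous record's last ciphertext block and is therefore
    predictable. TLS 1.1+ sends an explicit IV per record, so the very
    same suite is not exposed there."""
    return protocol in PRE_TLS11 and is_cbc_suite(suite)


def assess(offered):
    """offered: (protocol, suite) pairs the server will negotiate.
    Returns the exposed pairs and their share of everything offered."""
    exposed = [(p, s) for p, s in offered if beast_exposed(p, s)]
    share = len(exposed) / len(offered) if offered else 0.0
    return exposed, share


# Constructed output of a hypothetical scanner for one server.
SCAN = [
    ("SSLv3",   "DES-CBC3-SHA"),
    ("TLSv1.0", "AES128-SHA"),
    ("TLSv1.0", "ECDHE-RSA-AES256-SHA"),
    ("TLSv1.2", "ECDHE-RSA-AES128-SHA"),          # same suite, explicit IV: fine
    ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    exposed, share = assess(SCAN)
    for protocol, suite in exposed:
        print(f"BEAST-exposed: {protocol} {suite}")
    print(f"{share:.0%} of offered combinations exposed")
```

Exposure is a property of the pair, not of the suite: the same AES128-SHA suite is fine under TLS 1.2. The durable fix is to stop negotiating SSL 3.0 and TLS 1.0 altogether; the 2012-era workaround of preferring RC4 trades a CBC weakness for a stream cipher with its own known keystream biases.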


Why Security Through Obscurity Still Does Not Work


Utah Department of Health officials say the breach, which they suspect involved Eastern European hackers, exposed information about an estimated 780,000 adults and children, including 280,000 Social Security numbers.

Recently I provided Howard Anderson at HealthInfosecurity.com with some of my thoughts about the recent Utah Department of Health breach of the files of 900,000 individuals, and counting.

He included some of my thoughts in his blog post, along with thoughts from others. I wanted to provide my full reply here, along with some expanded thoughts.

As background, for those of you who may not have heard of this hack yet, in a nutshell:
The data breach occurred on March 30. A configuration error at the password authentication level allowed hacker(s) located in Eastern Europe to circumvent the Utah Department of Technology Services' (DTS's) security controls and obtain files containing sensitive information.


The files were stored on a server that contained Medicaid information at DTS.
