Security

SecureWorks unmasks the Coreflood Trojan

On Monday, SecureWorks released its analysis of the Coreflood Trojan, providing an inside look at a stealthy online predator.

According to a blog by Joe Stewart, director of malware research for SecureWorks, Coreflood started out as an IRC (Internet relay chat) botnet back in 2002. Coreflood--or AFcore, as the author refers to it within the code--is apparently viewed by its author as corporate software that can be tweaked as business needs change. For example, over the last six years, Coreflood has evolved from initiating distributed denial-of-service attacks to collecting IDs and passwords for bank fraud.

With the help of Spamhaus, … Read more

Apple patches 25 flaws with latest update

On Monday, Apple released Mac OS X 10.5.4. In addition to enhancements to existing features, Apple bundled in 13 specific security updates, including one for Safari 3.1.2. The security update APPLE-SA-2008-004 and Mac OS X 10.5.4 can be downloaded and installed from Apple Downloads.

Alias Manager This patch only affects users of Mac OS X v10.4.11 and Mac OS X Server v10.4.11. The update addresses an alias manager vulnerability described in CVE-2008-2308. According to Apple, a "memory corruption issue exists in the handling of AFP volume mount information in … Read more

Turkish criminal hackers hijack ICANN sites

On Thursday, the domains used by ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked. A Turkish hacking group known as NetDevilz claimed =responsibility. There is no word on how the hijack was accomplished.

The group successfully redirected ICANN site visitors to a page with the following message:

"You think that you control the domains but you don't! Everybody knows wrong. We control the domains including ICANN! Don't you believe us? haha :) (Lovable Turkish hackers group)"

According to SANS, changes to the ICANN site were corrected within … Read more

Security Bites 105: Does antivirus protection matter?

This week CNET's Robert Vamosi talks with Eva Chen, co-founder and CEO of Trend Micro.

For more than 20 years Chen has been active in the antimalware community and has kept her company competitive worldwide against competition such as Symantec and McAfee

Chen visited CNET to talk about Trend Micro's ambitious goal of putting anti-malware protection in the cloud. She argues that signature-based protection is still faster than running a full heuristic sandbox to detect new malicious software.

Chen thinks that by having your desktop ping a signature database in the cloud you'll get a faster, lighter, … Read more

Black Hat launches Webinar series

Jeff Moss, founder and director of Black Hat, on Thursday moderated the first-ever Black Hat Webinar, previewing five presentations to be given at the security conference in Las Vegas in August.

Moss said he was pleased that more than 1,000 people attended and admitted they were "expecting maybe a few hundred." Black Hat has already implemented RSS feeds, Twitter, and even a LinkedIn group.

"The Webinars will be much more than that," Moss said. In the future, he hinted, Black Hat will publish an editorial calendar, with a new Webinar at least once a month. … Read more

London transit cards cracked and cloned

Last week a Dutch researcher rode free on the London transit system, having hacked the public transit system's card system; he used a clone of a paying passenger's transit cards. His point? The transit smartcards, which are used my millions worldwide, are vulnerable to attack.

Dr. Bart Jacobs of Radboud University in Holland used an ordinary laptop to show how to clone the Mifare Classic smartcard used in London's Oyster transit card. The Mifare Classic smartcard is used for worker access cards as well.

Once he obtained the key used by the London transit system, Dr. Jacobs … Read more

Woman accused of hacking Houston organ bank indicted

On Tuesday, the FBI announced the indictment of a former technology director accused of hacking into the system at a Houston organ bank and deleting patient files.

The indictment alleges that Danielle Duann, 50, illegally accessed and damaged LifeGift Organ Donation Center's database in November 2005, shortly after she was fired as director of information technology for the company. She is alleged to have deleted organ donation database records and accounting invoice files from the network. LifeGift said that all of the records were restored from a backup and that no patients were put into jeopardy.

At the time … Read more

Microsoft tools address SQL injection attacks

On Tuesday, Microsoft issued new tools to assist Microsoft ASP and ASP.NET technologies against recent Web-based attacks.

In April attackers went after Microsoft SQL sites by injecting malicious JavaScript onto legitimate sites. The JavaScript would direct a browser to a server hosting malicious software infecting the desktop with a variety of exploits. At the time Microsoft insisted it was not the result of a vulnerability, but lack of best practices on the sites themselves.

The tools released Tuesday are designed to help Web developers mitigate against such attacks.

"These free tools offer detection and defense, as well as … Read more

Adobe releases security updates for Reader, Acrobat

On Monday, Adobe released a security update for a serious vulnerability within Reader and Acrobat. The vulnerability described in CVE-2008-2641 is being circulated on the Internet. Adobe says if exploited the vulnerability could crash applications and could allow an attacker to take control of the affected system.

The update affects Adobe Reader 8.0 through 8.1.2, Adobe Reader 7.0.9 and earlier, Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2, Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier. It does not affect Adobe Reader 7.1.0 and Acrobat 7.… Read more