An advanced and well-orchestrated computer spy operation that targeted diplomats, governments and research institutions for at least five years has been uncovered by security researchers in Russia.
The highly targeted campaign, which focuses primarily on victims in Eastern Europe and Central Asia based on existing data, is still live, harvesting documents and data from computers, smartphones and removable storage devices, such as USB sticks, according to Kaspersky Lab, the Moscow-based antivirus firm that uncovered the campaign. Kaspersky has dubbed the operation “Red October.”
An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.
"Flame" is the name of a newly-identified malware program which utilizes a previously unknown MD5 collision attack to successfully spoof Microsoft Terminal Services, and install itself as a trusted program using Windows Update, Microsoft has confirmed. The program appears to have targeted computers in the Middle East, and specifically Iran; analysts have alleged it is likely created by the same entity that designed Stuxnet. Flame has been live and actively spying since 2010, but went undetected until recently, due to sophisticated anti-detection measures.
Multiple analysts warned of vulnerabilities, but instead of being heeded they were severely punished. After a lengthy DDoS attack, some determined hacking, and repeated attempts to penetrate its hardened security layer, the host was finally rooted by a cunningly designed piece of social and mechanical engineering. When the malware released its payload, not only was the system completely wiped, but the culture that created it as well. This day in tech: the original Trojan.
The Kaspersky analysts over at Securelist uncovered some interesting things deep in the bowels of the code of a trojan. The hooks of the trojan are written using standard, well known languages and interfaces (C++, DLLs and such), but the payload, upon analysis, seems to be written using some heretofore unknown programming language. Can you figure out what language the Duqu trojan is written in? (via Lambda the Ultimate Programming Blog)
Jupiter has lots. Mars has some, too, as does Neptune. Turns out Earth's got a trojan asteroid of its own. Meet 2010 TK7, the blue planet's new baby brother.
The recent cyber attacks on pro-Tibet groups in the U.S. (attack details, technical data) and on the Save Darfur Coalition, among others, have managed to catch the attention of some in the mainstream media. Such super-targeted spear phishing attacks have been on the rise for several years, and have become an important tool for corporate espionage and military infiltration attempts. Teaching users to recognize such attack emails is probably the most effective deterrence, as technology solutions have been shown not to be particularly effective. Some companies and government agencies even conduct sting operations to ferret out which internal users fail the test, targeting them for additional training.
Barbarians are at the gates, testing the locks again. Mac OS X users beware: A file supposedly containing pictures of Mac OS X 10.5 actually does other things. Lots of info and links at this first link. Here's the disassembly of the executable (it's just a plain text file) and some notes on the application which comes to this conclusion: "In the end, it doesn't appear to actually do anything other than try to propagate itself via iChat, and unintentionally prevent infected applications from running. It seems that this is more of a 'proof of concept' implementation that could be utilized to actually do something in the future, depending on how successful it is, or it was simply done to garner attention/press. Which I'm sure it'll get." Might be a good idea to check out a Mac OS X security primer.
File sharing apps may contain a trojan. It seems some versions of Grokster, Limewire and reportedly Kazaa contain a trojan called W32.DlDer Troja. Whilst I am aware that these apps often install scumware, this seems more serious.
Has anyone set up an online home - museum? - where 'Internet Icons' can be stored safely for future generations? If not shouldn't they? I nominate this coffee pot, this sadly missed phonebox and maybe even this guy. Are there any others which you think would qualify?
I send you this file in order to have your advice. The Sircam worm is spreading at an unbelievable rate, with two interesting bonuses. First, it mass-mails itself to e-mail addresses located in browser cache files (so webloggers with e-mail addresses on their sites are vulnerable). Second, it infects and attaches a random document to the e-mail. If you're careful, this makes it the most entertaining worm yet.
'Serbian Badman' virus not so bad after all. The Register is calling it a hoax in that a DDoS attack just isn't possible with the alleged virus.