Security Response: Showing posts tagged with Security

Job offer spam has been around a while. Itused to work like this: spammer joins job hunting site as a prospectiveemployer, "researches" resumes of prospective employees, and then spamsthose individuals with job offers of home-based businesses. Or,sometimes no job hunting site was involved at all. It was just aspammer sending spam on a home-based business offer. Home-basedbusiness can be legitimate; however, if the offer comes to you via spamthan it most likely is not.

The spammers used to use the job hunting sites themselves to sendthe offers. The recipient would receive the job offer through the siteswhere they had uploaded their resumes and it all looked legitimateuntil they read what the "job offer" actually was. What we are seeingnow is spammers branching out. They appear to have collected the namesof job hunters through these sites and are now sending the job offersdirectly to the prospective employees without going through the jobhunting sites....

It’s been less than 24 hours since theformer Prime Minister of Pakistan was assassinated. As expected, themalware authors and distributors have already begun exploiting themorbid curiosity about Benazir Bhutto's death as a lure to spread theirmalice.

A simple search with terms such as "pakistan prime ministerassassination" yields results that include pages like the one shownbelow:

As some would expect, clicking on some of these links will mean that the old (technique-wise) ActiveX message box will appear:

The problem with many of these links is that the ActiveX Object ismalicious. For example, following the link in the...

There should be no question anymore that the VX scene is dying.

On the 29A forum there was a post that roy g biv has officially leftthe 29A group. Given that Vallez has been silent for over a year, itseems clear that the 29A group is really dead now. We wish the boysluck in whatever legal pursuits that they find now.

On the EOF and DoomRiderz fora, we can read that neither group hasenough material for a new zine. On the rRlf site there's a message thatthe same thing has happened to them. EOF and DoomRiderz alreadyannounced their intention to produce a combined zine and now rRlf hasannounced that they will join in, too. Of course, if people aresubmitting the same thing to multiple groups in case one of themreleases a zine, then even those three groups combined might not haveenough material for a zine. In any case, it will probably not happenthis year.

This brings us to another point - the supposed AV-VX "symbioticrelationship." It should be...

Look, here comes Santa...on his sleigh withRudolph the red-nosed reindeer and a computer. This year, he seems tohave decided to distribute free gifts through email...but with a catch.

An email that contains a link to a malicious file reportedly arrives as the following:
Subject: Seasons Greetings
Message Body:

listen up,

This Christmas, we want to show you something you will really enjoy.
This might not be fun for the whole family, but I bet you'll like it come one take 2 min and check it out.
hxxp://merrychrist[REMOVED]

If you click on the links, you will find pictures of women dressedas "Mrs. Clause" on the site and the malicious file stripshow.exe,which is a new variant of Trojan.Peacomm.D,
will be downloaded if you click on the picture.

...

Orkut is a popular social networking sitewith millions of registered users. A couple of days ago Orkut was hitwith a worm that impacted close to 700,000 users in approximately 24hours. We took a closer look at the exploit to get an idea of why somany users' systems were infected. The exploit was contained in aJavaScript file, aptly named "virus.js" file, which was injected usingan embed tag. Here is a snippet of the JavaScript file:

function $(p,a,c,k,e,d) {
 e=function(c) {
  return(c35?String.fromCharCode(c+29):c.toString(36))
};
if(!''.replace(/^/,String)){
 while(c--){d[e(c)]=k[c]||e(c)}
 k=[function(e){return d[e]}];
 e=function(){return'\\w+'};
 c=1
};
while(c--){
 if(k[c]){
  p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])
 }
 }
return p
};
setTimeout(...

I know, it sounds like the name of an old school rock band, but it’s not. It’s actually going to be one of the most pressing issues for IT in 2008. With millions beginning to enter the workforce from Generation Y, CIOs are scrambling to understand and address perhaps their greatest risk ever.

In 2007 IT is just beginning to get its hands around the concept of IT risk management and figuring out how to translate that for executives and the board. Now they’re confronted by the millennial worker, which is almost cause to rethink IT risk management all over again. Trying to implement IT risk management policies with a "Millennial" workforce—one with members who have been labeled as "risk takers"—is very problematic. In general most "Millennials" tend to believe in a "no-walls" approach when it comes to sharing information. Why shouldn’t all information be shared? Their strength is digital sophistication; some would even...

There’s been a lot of coverage on the FBI Bot Roast II campaignwhere they released information about eight suspects who have beenindicted for conducting criminal botnet activity. Bot herder suspectsfrom across the United States have been linked to criminal activitiessuch as DDoS attacks, conducting multi-million dollar phishing andspamming scams, and in particular stealing personal information thatcould lead to identity theft.

Thousands of pieces of personal information are sold and traded inunderground economy servers found in Internet relay chat (IRC) rooms.When I look around the servers that we monitor, it reminds me ofCauseway Bay at night in Hong Kong. Large advertisements bombard youwith capital letters and carders repeat their sales pitches acrossmultiple lines to attract people to their bargains. They list off theirbest deals and even offer cheaper prices if...