Monthly Archives: November 2009
UK climatologists’ email accounts hacked, causing political strife on both sides of the pond
Filed under Security News
Tagged as account, climatologist, climatology, email, hacked, PR, University of East Anglia
An alleged hacker gang has broken into email accounts belonging to members of the University of East Anglia's climatology department, and hundreds of embarrassing messages have been leaked to the public at large.
Security experts have not yet released any information on the probable method used to gain access to the researchers' accounts, and speculation ranges from a disgruntled insider to a piece of sophisticated malware.
Recent reports from the UK's Guardian newspaper suggest that the illicit access may have lasted for at least a month, citing the case of BBC weatherman Paul Hudson, who received multiple forwarded emails thought to originate from the alleged heist after he publicly questioned accepted theories about global climate change in a blog entry.
Climate change skeptics on both sides of the Atlantic have pointed to the leaked emails as proof that environmental scientists are playing fast and loose with the truth, while their critics insist that the leak is nothing more than a well-coordinated PR offensive by industry-backed skeptics.
Experts say that banking Trojans are growing in sophistication
Filed under Security News
Tagged as banking, banks, experts, malware, Silentbanker, sophisticate, Trojans, URLZone, vulnerable
While security measures have improved steadily in recent years, banks are still vulnerable to advanced malware that resists the best removal efforts of the digital security industry.
Some security experts have even declared that the latest banking Trojans amount to a revolution in malware design, with Finjan pointing to the dangerous URLZone Trojan as a "next-generation program," according to PC World. URLZone contains numerous features designed to inhibit virus detection and efficiently steal money from online banking accounts accessed via infected PCs. According to researchers at RSA Security, URLZone can even detect when it is being observed by security researchers.
Other Trojans, like Silentbanker and Zeus, also use sophisticated programming techniques to frustrate any attempt at detection. Zeus spreads via phishing and can easily perform complete identity thefts without alerting the victim. Silentbanker is able to take screen captures of bank account information and add malicious redirects into browser sessions.
Security experts say that online banking should be done with extreme caution, and only after ensuring that all applicable software is properly patched and updated.
App Store is the next big target for cyber crooks
Filed under Security News
Tagged as App Store, criminals, Cyber, iPhone, malware, smartphone, target
Experts say that the next frontier for writers and distributors of malicious software is the smartphone market, which is not adequately secured and growing at a rapid pace.
Nick Jones, an analyst at research firm Gartner, told Secure Computing magazine that Apple's App Store is a likely target for malware purveyors. "There is no way that Apple can afford to inspect the code of every application that goes onto the App Store. They do some lightweight inspection and testing, it goes up on the App Store and there is not a lot to stop it doing something malicious," said Jones.
Secure Computing writes that the App Store has served more than a billion downloads since its launch in 2008, and that 100,000 applications have been approved for distribution via the popular service. Enterprises have little control over the security of iPhones being used for business because they are frequently purchased by employees for both business and personal use.
The first iPhone malware has so far arrived through a different vector: worms afflicting jailbroken iPhones, with symptoms ranging from simple harassment to attempted identity theft.
New zero-day flaw discovered in older versions of Internet Explorer
Filed under Security News
Tagged as exploit, flaw, IE, javascript, malware, Symantec, vulnerability, zero-day
Security researchers at Symantec report that new malware has targeted a memory corruption vulnerability in Internet Explorer 6 and 7, which carries the potential for system crashes or malicious redirects.
The company revealed the vulnerability in a blog post over the weekend, saying that, while the current iteration of the malware showed "signs of poor reliability," they expect well-written exploit code to hit the internet in "the near future." The JavaScript-based exploit, which the researchers have dubbed Bloodhound.Exploit.129, requires prospective victims to visit an infected website.
As usual, the best way to avoid being infected by this malware is to ensure that all of the latest security patches and updates have been applied. Symantec recommends disabling JavaScript and only visiting trusted websites until Microsoft can release a fix for the vulnerability.
Though long since superseded by Internet Explorer 8, Internet Explorer 6 and 7 are still widely used by some enterprise consumers for reasons of compatibility and familiarity. Experts recommend upgrading to the latest version and keeping all software patched.
Phishing scams target the unemployed and desperate
Craigslist and other job-hunting sites are proving fertile hunting grounds for cyber criminals, as high unemployment rates and a down economy drive riskier online behavior.
Denver NBC affiliate 9News cites Sarah Johnson as a typical victim of one of the phishing scams. While searching for a job on Craigslist, the unemployed woman responded to an ad offering payment for various holiday-related tasks. However, after receiving a "professional" response to her initial inquiry, Johnson then got a request to cash a check and wire the balance of the funds to the UK. She then realized that the opportunity was a scam.
Experts say that this is an all-too-common type of online crime. The check eventually bounces, and the victim is then on the hook for the amount of the check, not the scam artist. It is nearly impossible for victims to regain their lost funds.
The holidays are a particularly fruitful time for online scammers, say analysts. Consumers must be particularly careful, and remember the time-honored rule: "If it sounds too good to be true, it probably is."
Experts dissect Chrome OS security features
Filed under Security News
Tagged as Chrome, Chrome OS, malware, OS, Ryan Naraine, sandboxing, security, ZDNet
Yesterday's release of Google's groundbreaking new cloud-based operating system, Chrome OS, has caused a stir in techie circles, with experts of all stripes rushing to examine the product and issue their judgments.
On the security front, it seems, Chrome OS passes the tests with flying colors. Experts like Ryan Naraine of ZDNet went into some detail to investigate the security features present in Google's new OS, and found it to contain numerous advanced features that render it a difficult target for malware.
Chrome OS uses a feature called process sandboxing to stop malicious applications from running on the system, and numerous file system restrictions to further narrow the window through which malware must pass in order to affect the system. Naraine writes that the security is designed to stop "opportunistic [adversaries]" from gaining access to Chrome OS machines, and compares the security setup to that of an iPhone.
Chrome OS has sparked discussion in other areas, as well. Many analysts have speculated that Google's new product could signal the end of local storage devices in favor of distributed cloud storage and processing solutions.
Want to secure your iPhone against intruders? There’s an app for that
Cisco Systems today released a free iPhone app that will allow users to receive security updates and the latest news on web threats, as well as aggregating additional security-related content for iPhone users.
According to CNET security correspondent Elinor Mills, the app will draw on data from Cisco's Security Intelligence Operations (SIO) system, which itself collects real-time information from 700,000 sensors located at important locations throughout the internet. Mills says that Cisco uses this data to detect spam campaigns and various types of malware attack.
The SIO To Go app will also allow users to investigate websites and email addresses from their iPhones, comparing the data to watch lists maintained by Cisco's SIO. Cisco executive Marie Hattar said that "[the app] improves the means by which IT departments are alerted to threats, and it provides added confidence and device flexibility as Cisco customers are shielded from these breaches."
Jailbroken iPhones have made security headlines in recent weeks as malware programmers exploited loopholes to create the first two iPhone worms found in the wild.
Microsoft counts Chrome coup with discovery of security flaw
Security researchers at Microsoft recently discovered a security vulnerability in Google's controversial Chrome Frame for Internet Explorer, a browser plug-in that simulates Chrome functionality within an Internet Explorer session.
The vulnerability, which was fixed by Google in a patch pushed out on Wednesday, could have been used to design a cross-origin bypass to gain unauthorized access to the systems on which Chrome Frame was running, although Google says that it was unaware of any active exploits and that the vulnerability would not have allowed "persistent" malware access.
Chrome Frame has been a thorn in the side of Microsoft since its release, with the Redmond giant saying that it made Internet Explorer users less secure while browsing. Until this vulnerability was discovered, however, the company had no evidence of any insecurity.
Chrome Frame's silent, automatic update - a common feature of Google products - has also drawn fire, with critics saying that the company violates its customers' right to control what software is installed on their PCs. Google has responded by asserting that the automatic patching ensures that all users are protected against the latest threats.
UK cops arrest two in Zbot Trojan case
Filed under Security News
Tagged as British, online banking, police, the Guardian, trojan, two, ZBot
The British Metropolitan Police took two suspected cyber criminals into custody earlier this month in connection with an investigation into the Zbot banking Trojan.
Zbot, which is also known as Zeus, is a highly sophisticated piece of malicious software, according to experts. The Trojan, which is difficult to detect with conventional anti-virus software, is capable of recording and retransmitting a wide array of personal information back to a central server, including online banking and social networking data.
Zbot can also form infected machines into a botnet, which can then be used to perform a number of malicious online actions like spam campaigns and denial-of-service attacks. Signature-based virus detection is frequently useless against the Trojan, since it can take on numerous forms.
The Guardian newspaper says that the suspects, one male and one female, are both 20 years old. They were arrested in Manchester, and are currently free on bail while the investigation continues. Police told UK media outlets that the two used Zbot to steal "millions of lines of data" from affected computers.
Domain registrar VeriSign will receive “major security update” by 2011
Filed under Security News
Tagged as 2011, cache poisoning, DNSSEC, malvertising, malware, scareware, security update, SQL injection, Trojans, VeriSign, ZDNet
A well-known security vulnerability in the way DNS lookups for .com and .net websites are handled (DNS being the system that translates alphanumeric website names into numeric IP addresses) will be fixed, but not until 2011, according to a report from tech news website ZDNet.
VeriSign, the company responsible for the registry of websites with the .com and .net suffixes, said that the issue will be solved by DNSSEC, a set of DNS extensions that cryptographically verify the integrity and origin of DNS information. Technical problems are the major roadblock to DNSSEC implementation, according to VeriSign.
Currently, it is possible to inject false DNS records into a resolver's cache, a tactic known as "cache poisoning," so that users are directed to a different site than the one they intended to visit. The technique is frequently used to infect computers with malicious code and can be combined with "drive-by downloads" to spread Trojans and other malware.
Cache poisoning is not the only widely-used malware distribution trick in the modern cyber criminal's arsenal. SQL injection, scareware, and malvertising are also common tactics among malicious hackers.
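DNSSEC signs the records themselves; what a stub resolver ultimately sees is the AD (authenticated data) flag that a validating resolver sets in the reply header, alongside the older safeguards against forged replies (a random 16-bit transaction ID and a question section that must match what was asked). The Python below is an added example, not VeriSign's or ZDNet's code: it builds a query, parses the 12-byte DNS header of a reply, rejects replies whose ID, QR bit or question do not match, and reports whether AD was set. Every message is constructed inline (the hostnames and the 192.0.2.x / 198.51.100.x addresses are documentation values), and `build_response` exists only so the demo can fabricate a matching, a mismatched and an unauthenticated reply.

```python
"""Added example: sanity checks a stub resolver applies to a DNS reply."""
from typing import Optional
import secrets
import struct

FLAG_QR = 0x8000  # bit 15: message is a response
FLAG_RD = 0x0100  # bit 8: recursion desired
FLAG_RA = 0x0080  # bit 7: recursion available
FLAG_AD = 0x0020  # bit 5: authenticated data, set by a validating DNSSEC resolver


def encode_name(name: str) -> bytes:
    """Encode a dotted hostname as DNS wire-format labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in labels) + b"\x00"


def build_query(name: str, txid: Optional[int] = None) -> bytes:
    """Build an A/IN query. The ID is random unless fixed for a test;
    unpredictable IDs (and source ports) are the classic cache-poisoning defence."""
    if txid is None:
        txid = secrets.randbits(16)
    header = struct.pack("!HHHHHH", txid, FLAG_RD, 1, 0, 0, 0)  # one question
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_response(query: bytes, ip: str, txid: int, ad: bool) -> bytes:
    """Constructed reply for the demo only: one A record for `query`'s question.
    `txid` and `ad` are parameters so the demo can fabricate a mismatched
    or unauthenticated reply."""
    flags = FLAG_QR | FLAG_RD | FLAG_RA | (FLAG_AD if ad else 0)
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)
    question = query[12:]  # echo the question section unchanged
    rdata = bytes(int(octet) for octet in ip.split("."))
    # 0xC00C is a compression pointer back to the name at offset 12 (the question)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + question + answer


def check_response(query: bytes, response: bytes) -> tuple:
    """Accept a reply only if its ID, QR bit and question section match the
    query that was sent, then report whether the resolver set the AD bit.
    Returns (accepted, reason)."""
    if len(response) < 12:
        return False, "truncated header"
    (q_id,) = struct.unpack("!H", query[:2])
    r_id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", response[:12])
    if r_id != q_id:
        return False, "transaction ID mismatch"
    if not flags & FLAG_QR:
        return False, "not a response"
    if qdcount != 1:
        return False, "unexpected question count"
    question = query[12:]
    if response[12:12 + len(question)] != question:
        return False, "question section does not match"
    return True, "authenticated" if flags & FLAG_AD else "unauthenticated"


if __name__ == "__main__":
    q = build_query("www.example.com", txid=0x1234)
    print(check_response(q, build_response(q, "192.0.2.1", 0x1234, ad=True)))
    print(check_response(q, build_response(q, "198.51.100.9", 0x4321, ad=True)))
```

The AD bit only means something when the path between the stub and the validating resolver is itself trusted, or when the stub validates the RRSIG records on its own; a forged reply can set AD just as easily as a genuine one, which is why the ID and question checks run first and why the registry's fix is DNSSEC signing rather than tighter reply filtering.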