Monthly Archives: January 2012

Compromised WordPress based websites leading to Phoenix Exploit Kit

Sending bulk emails (spam) containing poisoned links has long been one of the methods used by hackers to infect computers with malware. Everybody knows the reasons: to steal user credentials or to use the infected computers as part of a botnet in other nefarious actions. Generally, the scam emails are presented as a request from an institution, bank, other financial institution, telephony or Internet provider to clarify a confused situation, asking for the user's interaction. These fake emails talk about large amounts of money that must be paid, possibly in error, trying to scare the user and push him to act as soon as possible to rectify the situation. Other …

Posted in Thoughts.

Critical vulnerabilities in Windows Media allow remote code execution

Recently Microsoft released several security patches for a vulnerability discovered in Windows Media components in their Microsoft Security Bulletin MS12-004 – Critical. The vulnerability affects more or less all Windows operating systems, 32- and 64-bit, starting with Windows XP SP3 and ending with Windows 7 and Windows Server 2008 R2, and allows remote code execution when a specially crafted MIDI file is handled by Windows Media Player or DirectShow. Affected Windows operating system components are as follows: Windows Media Library and DirectShow components: Windows XP Service Pack 3, Windows XP Media Center Edition 2005 Service Pack 3, Windows XP Professional x64 Edition Service Pack 2, Windows Server 2003 …

Posted in Thoughts.

Android.Counterclank Found in Official Android Market

Symantec has identified multiple publisher IDs on the Android Market that are being used to push out Android.Counterclank. This is a minor modification of Android.Tonclank, a bot-like threat that can receive commands to carry out certain actions, as well as steal information from the device. Source What started out as a way to provide a cheaper phone is now becoming a headache. Licensing is a heavy hitter in the cost of a phone. Manufacturers pay serious money to use proprietary software by Apple or Microsoft. Using Android, a derivative of Linux sourcing, provides FLOSS software. The headache with it is that the changes in OSS must be posted to the …

Posted in Thoughts.

Woeful SCADA Security

The talk presented the findings of “Project Basecamp,” a volunteer-led security audit of leading programmable logic controllers (PLCs). The audit found that decrepit hardware, buggy software and pitiful or nonexistent security features make thousands of PLCs vulnerable to trivial attacks by external hackers that could cause PLC devices to crash or run malicious code. Source This opens a whole new area of opportunity for malware attacks. It’s been coming for a long time, with claims surfacing of possible hacker attacks on infrastructure that could literally affect your way of life. To start out with, SCADA (Supervisory Control and Data Acquisition) and its hand-in-hand component PLC (Programmable Logic …

Posted in Thoughts.

Megaupload is down, a fake Megaupload website appears

Megaupload.com, the well-known file-sharing website, was taken down by authorities (read FBI), and its co-founder Kim Dotcom and several other members of the staff were charged with: Conspiracy to Commit Racketeering, Conspiracy to Commit Copyright Infringement, Conspiracy to Commit Money Laundering, Criminal Copyright Infringement by distributing a Copyrighted Work Being Prepared for Commercial Distribution on a Computer Network & Aiding and Abetting of Criminal Copyright Infringement and Criminal Copyright Infringement by Electronic Means. The full indictment is here. The indictment was filed in The United States District Court for The Eastern District of Virginia, Alexandria Division. Dotcom and three other members were arrested Thursday, January 19 in Auckland, New …

Posted in Thoughts.

Tokyo, we have a problem

Japanese space engineers have admitted one of their computers has been infected by a Trojan that may have leaked sensitive data, including system login information, to hackers. Data exposed by the breach may have included emails, technical specifications and operational information as well as login credentials. The space agency has reset potentially exposed passwords while it continues to investigate the scope of the breach. Source In today’s connected world we often hear of servers, networks, and individual computers that have been hacked into or have picked up some malware. Mostly it tends to deal with money, banks, and financial houses. Every so often it deals …

Posted in Thoughts.

Wi-Fi routers security flaw allows uninvited guests

In December 2011 Stefan Viehböck published a report about a vulnerability he discovered and analyzed in Wi-Fi Protected Setup (WPS), previously known as Wi-Fi Simple Config. Introduced by the Wi-Fi Alliance in 2007, WPS allows users without advanced knowledge of Wi-Fi router configuration to easily set up their home Wi-Fi networks, adding new devices or enabling security. The user can add a new device to the wireless network either by pushing a button on both the wireless router and the new device (Push-Button-Connect) or by entering an 8-character PIN into the new device's “connection wizard” interface. Simply put, the PIN functions as the authentication method for registering a new device …

Posted in Thoughts.