It's always interesting to browse through the bait document files used in targeted attacks. These are files that have been used to infect specific individuals in different organizations in order to gain access to their computers.
All the documents shown below contained exploits that installed backdoors. The targets of these attacks are not known.
This is just a quick sampling; we get a lot of these.
Charlie Miller, a well-known security researcher who specializes in Mac and iPhone security, yesterday revealed information about a new vulnerability in the iPhone that allows remote code execution via SMS. Not a lot is known about the vulnerability, which was announced at the SyScan conference in Singapore, except that Charlie is working with Apple to get it fixed as soon as possible.
(picture from apple.com)
This is about as bad as it gets: the vulnerability appears to allow unsigned code to run, which circumvents a core part of the iPhone's security model. Normally the device only runs signed code, i.e. apps that Apple has approved. No user interaction is required, unlike current mobile malware. InfoWorld has the original story here.
Charlie plans to reveal more information at BlackHat USA.
PS. I'm shift manager for one of our three daily response shifts this week and I'm tweeting about what we're doing on the shift over at http://twitter.com/patrikrunald.
—————
Updated to add: Dan Goodin has more at The Register.
The Wall Street Journal reports that Beijing has delayed its mandate to have Green Dam Youth Escort filtering software installed on all new Windows computers sold in China. The deadline was originally July 1st.
Firefox 3.5 was released yesterday. I've been waiting to try out the Private Browsing Mode, so I installed it today.
Here are the privacy settings from my installation of Firefox 3.0.1.
And when I installed Firefox 3.5 the Private Browsing option was disabled. What?
It seems that the installation recognized my 3.0.1 settings as the equivalent of Private Browsing and preconfigured 3.5 to "Automatically start Firefox in a private browsing session".
Very nice work.
So, nothing changed at all. Except now I have easy options to reconfigure por… paranoi… err, Private Browsing if I opt to do so.
With all the talk of Michael Jackson spam and Michael Jackson malware going on, it was mildly interesting today when a Fellow in our KUL Lab received an SMS, with a link, that mentioned the King of Pop as well:
The IP address appears to be registered in Malaysia but fortunately the link doesn't seem to work.
There have been a couple of malware attacks that have tried to use the news coverage of Michael Jackson's death as a lure to get people infected.
Last night we saw this one: a file called Michael-www.google.com.exe. This file was distributed through a site called photos-google.com and possibly also through photo-msn.org, facebook-photo.net and orkut-images.com. Do not visit these sites.
When executed, Michael-www.google.com.exe drops files called reptile.exe and winudp.exe. These are IRC bots with backdoor capability. The file also shows this fake error message:
We detect the dropper and the backdoors as Trojan.Win32.Buzus.bjyo.
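The lure in this case is worth turning into a check. The dropper's name, Michael-www.google.com.exe, embeds a trusted hostname in front of the real extension, and the distribution sites pair a brand name with a generic word (photos-google.com, facebook-photo.net). Both patterns can be flagged by simple string heuristics. The following is an added example written for this post, not F-Secure's detection logic for Trojan.Win32.Buzus.bjyo: the brand list, the sample filenames and URLs (the post's names plus a few constructed benign controls) and the two-label domain handling are assumptions of the example.

```python
import re
from urllib.parse import urlsplit

# Assumption: a fixed allowlist of brand tokens; the four here are the ones the lure sites abuse.
BRANDS = {"google", "msn", "facebook", "orkut"}
# Extensions Windows will execute regardless of what the name looks like.
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")
# Hostname-looking tail right before the real extension: '-www.google.com', '.msn.com'
HOSTNAME_TAIL = re.compile(r"(?:^|[\s_.\-])(?:www\.)?([a-z0-9]+)\.(?:com|net|org)$")
# Classic double extension: 'holiday.jpg.exe'
DOUBLE_EXT = re.compile(r"\.(?:jpe?g|png|gif|pdf|doc|txt)$")


def suspicious_filename(name):
    """Return a reason string if a filename disguises an executable as a brand
    hostname or a document/image, else None."""
    lower = name.lower()
    for ext in EXEC_EXTS:
        if lower.endswith(ext):
            stem = lower[: -len(ext)]
            break
    else:
        return None  # not an executable extension, nothing to disguise
    m = HOSTNAME_TAIL.search(stem)
    if m and m.group(1) in BRANDS:
        return f"executable named after {m.group(1)} hostname"
    if DOUBLE_EXT.search(stem):
        return "double extension"
    return None


def suspicious_domain(url_or_host):
    """Return a reason string if the registrable domain glues a brand to extra
    tokens (photos-google.com, facebook-photo.net), else None.
    Assumption: simple two-label TLDs only; no public-suffix handling (co.uk etc.)."""
    # urlsplit only parses a host if a scheme or '//' is present
    host = urlsplit(url_or_host if "://" in url_or_host else "//" + url_or_host).hostname or ""
    labels = host.lower().strip(".").split(".")
    if len(labels) < 2:
        return None
    registrable = labels[-2]
    tokens = set(re.split(r"[-_]", registrable))
    hit = BRANDS & tokens
    if hit and registrable not in BRANDS:
        return f"brand {sorted(hit)[0]} embedded in unrelated domain {host}"
    return None


# Constructed sample: the names from the post plus benign controls.
SAMPLE_FILES = ["Michael-www.google.com.exe", "Michael.jpg", "holiday.jpg.exe", "setup.exe"]
SAMPLE_SITES = [
    "photos-google.com", "photo-msn.org", "facebook-photo.net", "orkut-images.com",
    "http://mail.google.com/", "example.com",
]


def triage(files, sites):
    """Run both heuristics and return {indicator: reason} for everything flagged."""
    hits = {}
    for f in files:
        reason = suspicious_filename(f)
        if reason:
            hits[f] = reason
    for s in sites:
        reason = suspicious_domain(s)
        if reason:
            hits[s] = reason
    return hits


if __name__ == "__main__":
    for ioc, why in triage(SAMPLE_FILES, SAMPLE_SITES).items():
        print(f"{ioc:32} {why}")
```

Both rules are deliberately crude and will produce false positives on brand-owned hyphenated domains (a legitimate analytics or CDN subdomain, for instance), so treat a hit as a reason to look closer, not as a verdict; the point is that the specific lure the post describes is cheap to spot in mail gateway or proxy logs without a signature.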
The "King of Pop", Michael Jackson, died last night after suffering a cardiac arrest. The news is currently spreading through many different media outlets and is being printed worldwide.
Another recent death, Farrah Fawcett, is also making headlines.
The subjects themselves are not related to information security, but how long do you think it will take until the bad guys pick up the news as well and start using it? Usually it has taken a few days at most.
So remember: if, or more likely when, you start receiving e-mails on these subjects, please be extra careful when opening any links, as they might be taking you in for a rough ride.
U.S. Secretary of Defense Robert Gates recently confirmed the creation of a U.S. Cyber Command aimed at dealing with cyberthreats to military resources. A previously announced White House "cybersecurity coordinator" is already in the works to deal with similar threats to critical government infrastructures.
On the whole, that's good news. It would be great however to hear of similar efforts in protecting a particular commercial resource that’s definitely "critical infrastructure" – civil aviation electronic systems.
Earlier this year, the U.S. Department of Transportation released an audit report (streaming PDF here, Open rather than Save) in which it determined the national air traffic control systems administered by the Federal Aviation Administration (FAA) had significant weaknesses and vulnerabilities, potentially allowing an unauthorized party to access and control vital services and systems.
This isn’t the first time the FAA has been criticized for the weaknesses in civil aviation electronic system security, with the first such criticisms coming as early as 1998.
The report cites incidents that took place in 2006, 2008 and 2009 as supporting evidence that the administrative and operational systems can be breached. The FAA disputes this claim.
Not cited in the report, but of possible interest, is a 1998 incident in which a teenager successfully disabled vital airport control tower services at a regional Massachusetts airport (CNet article here).
Hopefully, with the current government enthusiasm for improving computer security, the current civil aviation systems get some attention too.