November 2009 Archives
Posted By Netgear Threat Lab at 10:13 AM, November 17, 2009
Due to the iPhone being a hit in the smartphone market, network security researchers warned that the iPhone's popularity will lead to cyber-criminals to taking an interest in mobile phones. With the increase in horsepower and functionality in smartphones phones, they are essentially mini computers. We all know the types of threats and vulnerabilities computers face and our phones are no exception.
Recently, some iPhone users were attacked by a worm - the first of its kind found on the iPhone. The virus automatically replaces the iPhone wallpaper with a photo of 80's pop singer Rick Astley and displays a message "Never give up your" (ikee is never going to give you up), but stops there and does not perform further attacks on the iPhone. The worm was written by a 21-year-old Australian hacker Ashley Towns to prepare, Towns said the production of the worm is to have iPhone users realize the risks of not changing the default root password.
However, only jailbroken iPhones are vulnerable to the worm virus. Jailbreaking is a process that allows iPhone and iPod Touch users to run homebrew apps on their devices by bypassing Apple's App Store. Once jailbroken, iPhone users are able to download homebew applications as well as cracked applications through unofficial installers such as Cydia, Rock App, Icy, and Installer. Jailbroken versions of Apple's iPhone is eligible for technical support and Apple has many times through software upgrades prevented users from cracking their iPhones. Apple also noted that Jailbreaking an iPhone is illegal. Users who jailbreak their iPhone, installed SSH, and did not change their default root password "alpine" were found with the worm. Once infected, the worm will attempt to search and spread to other jailbroken iPhones in the same network. This threat can be mitigated by changing the default password of their iPhone.
Prior to this incident, iPhone users have already been the target in attacks. A week ago, Dutch users received messages from an the attacker that warned of a security vulnerability in their cell phone and requested that these users donate 5 Euros each to a PayPal account. The attackers have since apologized and provided a fix. This is an example of an attacker who exploited the same flaw but not in the form of a virus or worm.
Posted by: Netgear Threat Lab at 10:13 AM
Categories: Malware , Netgear Threat Lab
Posted By Pete at 12:13 PM, November 11, 2009
A recent report by Web application security vendor Cenzic pointed out that in the first half of 2009 Firefox totaled for 44% of all vulnerabilities amongst popular Web browsers. Also somewhat surprising is Safari coming in at 35% due to iPhone Safari vulnerabilities (that's another story in itself). IE came in third at 15% and Opera at 6% (BTW, where was Chrome?).
Firefox (by the way, I've been a Firefox user since its debut) is an open source browser which has marketed itself as a "safer" alternative to Microsoft's Internet Explorer. Early on that was true, however when Firefox started to gain popularity, hackers began shifting focus to it and Firefox became "less safe".
Two factors contribute to the amount of vulnerabilities we are seeing in the browser today. Number one, the browser is relatively young, so there are naturally more holes in it. This will get better as the browser further matures.
Second of all, Firefox is open-source and has a flexible add-on architecture where basically anyone who can code (and even some who can't) can make an add-on for Firefox. While this architecture and open source in general bring flexibility, functionality, and scalability to the browser, many of these add-ons are not "hardened" and could introduce security loopholes into Firefox. Also, due to the open-source nature of Firefox,hackers can study the browser source code inside out and find holes that way.
Regardless, I will continue to use Firefox. However, I'll also make sure that my security surrounding the browser is up to snuff. I suggest you do too.
Posted by: Pete at 12:13 PM
Posted By Netgear Threat Lab at 1:08 PM, November 10, 2009
At the Black Hat conference held in Las Vegas August of this year, security experts discovered many holes in the SSL encryption protocol - the very protocol that secures most Internet communications. On November 4th, security researchers from Phone Factor Marsh Ray and Steve Dispensa disclosed to the public the vulnerability in TLS / SSL that would allow for Man-in-the-Middle (MITM) attacks.
The vulnerability has the following characteristics:
1. It is a vulnerability in the protocol itself and not limited to certain applications
2. There is no concrete solution as of yet, still waiting for vendor patches
3. Affects a multitude of upper-layer protocols, including HTTPS, IMAP, SIP, etc...
Man-in-the-Middle Attacks (referred to as "MITM attacks") are "indirect" types of attacks where the attacker, through a variety of technical means gains access to the network communications between computers. This computer is known as the "middleman." This computer/intruder then masquerades as one or both of the victim computers, so that the "middleman" can establish an active connection with the victim computer(s). The "middleman" is now able to read or tamper with the communications between the two victim nodes. But the two victim computers still think they are talking directly to each other. This type of attack is not very easy to detect therefore, it has long been used by hackers and even to this day, is still commonly used to gain access to data or cause harm.
OpenSSL has already released a patch, but this patch does not fix the loopholes found in the protocol, but rather only turned off renegotiation by default. Users can obtain this patch by going to OPENSSL's official website: http://www.openssl.org/source/
Posted by: Netgear Threat Lab at 1:08 PM
Categories: Netgear Threat Lab
Posted By Pete at 9:57 PM, November 6, 2009
A critical vulnerability in SSL was discovered in August of this year by Marsh Ray and Steve Dispensa of PhoneFactor. These findings were made public on November 4th.
Basically they uncovered a flaw in the SSL protocol itself - a gap in SSL authentication during renegotiation between client and server. This unauthenticated request allows the man-in-the-middle (MITM) attacker to inject specially crafted plaintext into the application protocol stream, which can be used to exploit different applications.
Folks, this is a vulnerability of epic proportions we have here. Online banking, online shopping, cloud computing, remote services all are based on the
fact assumption that SSL is secure. How would you feel going to bed every night when you know your front door lock can be easily picked?
The good news is that vendors have been working on patches to the problem for a few months now. The bad news is, so much of our Internet infrastructure utilizes SSL. It will be impossible to patch everything. I bet cyber criminals are also scrambling to come up with ways to exploit this vulnerability before the patches arrive. This is going to be a very interesting few months. Stay tuned.
Special thanks to Nick Carter for the fantastic image :)
Posted by: Pete at 9:57 PM
Posted By Netgear Threat Lab at 1:37 PM, November 6, 2009
Description of Report (Troj.Downloader.JS.Agent.bgt):
This malicious program exploits vulnerability CVE-2008-4699.
The Peachtree Accounting ActiveX control (PAWWeb11.ocx) with CLSID:2BCEAECE-6121-4E78-816C-8CD3121361B0 is prone to a remote code-execution vulnerability. The vulnerability is caused due to the PAWWeb11.ocx ActiveX control containing the insecure method "ExecutePreferredApplication()". By persuading a victim to visit a specially-crafted Web page, an attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the user.
Affected Version: Peachtree Accounting 2004
Posted by: Netgear Threat Lab at 1:37 PM
Categories: Malware , Netgear Threat Lab , Viruses
Posted By Pete at 1:37 PM, November 3, 2009
I hope everyone enjoyed their Halloween and their fair share of candy. And no, we are not talking about killing "REAL" zombies (the ones in flesh, or rotten flesh to be more exact) here.
As we've mentioned time and time again, zombies are a growing problem in today's Internet. Once a PC has been infected, it joins the ranks of the fellow infected as zombies who respond to any command a hacker might give it. They are used to send spam (yes, the spam you get everyday comes from a zombie, NOT a mailman in cyberspace), carry out denial of service attacks, and many other mischievous deeds.
Our friends at Sophos have designated October 31st as the International Kill-A-Zombie Day (images of Resident Evil, Zombieland, and Night of the Living Dead just pop into my mind saying that). They've come out with two very interesting videos to promote zombie awareness. Have a look and join the fight!
Posted by: Pete at 1:37 PM
Categories: General , Malware , Spam
Posted By Netgear Threat Lab at 1:34 PM, November 3, 2009
Description of Report (Troj.Downloader.JS.Agent.eda):
This malicious program exploits vulnerability CVE-2008-4728.
The DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control with the CLSID:7F9B30F1-5129-4F5C-A76C-CE264A6C7D10 is prone to some vulnerabilities in the Hummingbird Deployment Wizard. The vulnerabilities are caused due to the DeployRun.DeploymentSetup.1 ActiveX control providing insecure "Run()", "SetRegistryValueAsString()", and "PerformUpdateAsync()" methods. The vulnerabilities allow remote attackers to execute arbitrary programs via the Run() and PerformUpdateAsync() methods, and modify arbitrary registry values via the SetRegistryValueAsString() method.
Affected Version: Hummingbird Deployment Wizard 2008
Posted by: Netgear Threat Lab at 1:34 PM
Categories: Malware , Netgear Threat Lab
« October 2009 |
Main Index |
| December 2009 »