Archive for May, 2007

BBB Phishing

May 29, 2007

According to Secureworks and others, including SANS and Sunbelt, there are two different phishing scams making their way around by email.

While both of them are extremely dangerous in their own respects, one of them I find very interesting. It is a highly targeted attack against executive-level managers at companies. It uses an email that claims to link you to documents pertaining to your case. Here are some of the highlights from Secureworks.

Highlights

  • Highly targeted attack – aimed at specific executive-level company managers
  • Steals all interactive data sent from the victim’s IE browser to remote websites
  • Uses a browser helper object to access form data before it is SSL-encrypted
  • One stolen data repository located. As of Friday, May 25, there are 1,400 victims and 145 megabytes of data in the repository. Approximately 70 megabytes of data is being collected daily.

The other email contains an RTF document attachment which, when opened, installs several pieces of malware onto the computer that opened it. The problem with this one is that, for some reason, RTF documents seem to get viruses past email content scanners more easily than other formats.

For more information click on one of the reports above.

McAfee’s – Another Identity Theft Story

May 25, 2007

This story shows how elaborate virus writers and ID theft criminals are getting: multiple sites, multiple pieces of malware, and the targeting of specific countries. This one in particular targeted users in France.

Read it here.

What a month for Phishing

May 25, 2007

The Anti-Phishing Working Group, in its activity trends report, reports that the number of unique phishing websites rose by nearly 35,000 compared to the month of March.

In the report they indicate that this is due to phishers placing thousands of phishing URLs on a single domain. Here is the report.

Another site, www.phishtank.com, shows a 100% increase for the month of April compared to the month of March.

Another good read on this topic is the Security Fix blog posting located here.

New type of DDoS Attack

May 24, 2007

In a recent alert, Prolexic Technologies report that they have uncovered a new type of DDoS attack. This attack uses P2P networks rather than a botnet to perform the attack, which makes it very different from a botnet attack. See below:

P2P attacks are different from a regular botnet. There is no botnet and the attacker doesn’t have to communicate with the clients it subverts. Instead, the attacker acts as a puppet master, instructing clients of large P2P file sharing hubs to disconnect from their P2P network and to connect to the victim’s website instead. As a result, 25k computers may aggressively try to connect to a target website.

Here is what they have to say about the solution:

Plugging up web servers isn’t anything new, but the ability to block 150k+ attacking IP addresses is. While DC++ attacks are easy to identify with signatures, the large number of IP addresses that need to be blocked (often over 250k during the course of a big attack) means that this type of attack can overwhelm even functioning intrusion prevention systems (IPS).
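An added detection example, not code from Prolexic or from this blog: the giveaway of a P2P-driven flood like the one described above is a sudden jump in the number of distinct source addresses hitting the site, which per-IP rate limits and per-IP signatures miss. The script parses web server access log lines in Common Log Format, counts distinct IPs per minute, flags windows that spike against a baseline, and returns the addresses as a candidate blocklist; the log lines, the window size and the thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Common Log Format: ip ident user [timestamp] "request" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" \d{3} \S+')

def parse(line):
    """Return (ip, datetime) for one CLF line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")

def distinct_ips_per_window(lines, window_seconds=60):
    """Map window start (epoch seconds) -> set of distinct source IPs seen in it."""
    buckets = defaultdict(set)
    for line in lines:
        parsed = parse(line)
        if parsed:
            ip, ts = parsed
            epoch = int(ts.timestamp())
            buckets[epoch - epoch % window_seconds].add(ip)
    return buckets

def flag_surges(buckets, baseline_windows=3, factor=10, minimum=500):
    """Flag windows whose distinct-IP count passes an absolute floor AND exceeds
    factor x the median of the first baseline windows. Returns (starts, IPs)."""
    starts = sorted(buckets)
    base = sorted(len(buckets[s]) for s in starts[:baseline_windows])
    median = base[len(base) // 2] if base else 0
    flagged = [s for s in starts
               if len(buckets[s]) >= minimum and len(buckets[s]) > factor * median]
    ips = set().union(*(buckets[s] for s in flagged)) if flagged else set()
    return flagged, ips

def constructed_log(normal_ips=20, flood_ips=3000):
    """Constructed sample, not real traffic: three quiet minutes from repeat
    visitors, then one minute of single requests from thousands of unique IPs."""
    t0 = datetime(2007, 5, 24, 10, 0, 0, tzinfo=timezone.utc)
    fmt = "%d/%b/%Y:%H:%M:%S %z"
    lines = []
    for minute in range(3):
        for i in range(normal_ips):
            ts = t0 + timedelta(minutes=minute, seconds=i)
            lines.append(f'10.0.0.{i} - - [{ts.strftime(fmt)}] "GET / HTTP/1.1" 200 512')
    for i in range(flood_ips):
        ts = t0 + timedelta(minutes=3, seconds=i % 60)
        lines.append(f'203.0.{i // 256}.{i % 256} - - [{ts.strftime(fmt)}] "GET / HTTP/1.1" 200 512')
    return lines
```

Even once the surge is flagged, the returned blocklist runs to thousands of addresses from a single minute of traffic, which is exactly the volume the alert says overwhelms signature-based IPS.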

In the eyes of a Phisher

May 21, 2007

In a recent post at ha.ckers.org, RSnake had a chance to discuss phishing from a phisher’s perspective. The phisher he spoke to calls himself “lithium”.

Two of the questions asked in the post caught my eye:

“Are there any anti-phishing deterrents (tools or technology) that make life as a phisher harder?

Oh sure, there are many things that make phishing harder. But since Internet Explorer 7 and Firefox 2 have implemented anti-phishing protection, those two cause the most irritation.”

and

“Do you foresee any changes to the phishing industry that are worthy of note?

No.”

With those thoughts in mind, what will a .bank TLD do to help anti-phishing efforts? I still believe that education of members and staff is the best way to combat phishing.

End User and Member Education

May 18, 2007

I read an article today called “People will click on anything” and it got me thinking about education.

It seems that Didier Stevens from Contraste Europe created a Google AdWords campaign called “Drive-By Download, get your PC infected here”. During the six months he had the ad up, it was viewed 259,753 times and clicked on 409 times.

What does this have to do with education? We stress email, phishing, viruses, and other threats so much that we do not stress security enough when it comes to the daily browsing habits of users. People are so used to just “browsing” the web that they do not think about what a site could do to their PCs.

Another article on MSNBC’s Red Tape Chronicles, “New Net threat: Infectious Web pages”, shows that insecurities in web-based applications could cause your PC to become infected with malware. It could even come from a site you visit every day.

Education on the threats that are out there, and on how to keep yourself, members, and staff safe, is extremely important. The tricky part of this is not to scare them, but to educate them.

The Confusion (RA, VA, & PT)

May 16, 2007

Over the past few months I have heard a large number of people talking about Risk Assessment, Vulnerability Assessment, and Penetration Testing; however, each of them presents these topics differently.

What is a Risk Assessment versus a Vulnerability Assessment versus a Penetration Test?

Instead of posting what I think they mean, please add a comment as to what you think they are. In a couple of days I will summarize what readers thought and add in my thoughts.