Report No 05

Cyber Security Incidents Outside Malaysia
Report No. 5 May 2006
15 May 2006
Strategic Planning Unit
National ICT Security and Emergency Response Centre (NISER)
Technology Park Malaysia 57000 Kuala Lumpur
Tel: +60 (0)3 8996 5000 Fax: +60 (0)3 8996 0827
http://www.niser.org.my
CONTENTS
DENIAL OF SERVICE
1. Vietnamese distributed denial-of-service hacking suspect arrested.
2. Massive DoS attack knocks TypePad, LiveJournal blogs offline.
FRAUD
3. Phishing study
4. Phishing hits bank's customers
5. Internet job scam
HACK THREAT/INTRUSION
6. Apple online store hacked
7. California man pleads guilty to bot attack
8. Hacker botnets attack!!!
9. Ex-government employee sentenced for hacking
SPAM
10. Smarter Spam Could Mimic Friends' Mail
11. Zombie computers the biggest source of spam
12. Spammer gets 57 months of jailtime
13. Spammers attack anti-spammers
VIRUS/WORMS/TROJANS
14. SANS exposes 'safe' technologies.
15. Top ten malware threats and hoaxes reported to Sophos in April 2006
16. WOW Virus Targets Online Gamers
17. World Cup virus season kicks off.
OTHERS
18. Islamic militants recruit using U.S. video games
19. Industrial control systems pose little-noticed security threat.
20. Beware! Cybercrime
21. Downloading music online is a computer crime
22. Virginia official discusses the fight against cybercrime
DISCLAIMER
This document is a non-commercial publication intended to educate and disseminate
information about security incidents reported outside Malaysia. Further reproduction or
redistribution is subject to original copyright restrictions. NISER provides no warranty of
ownership of the copyright, or accuracy with respect to the original source material.
NISER does not warrant the completeness or accuracy of this document and does not
accept any liability for losses howsoever incurred. The content, including news,
quotes, data and other information, is provided by third-party content providers for
your personal information only, and neither NISER nor its third-party content providers
shall be liable for any errors, inaccuracies or delays in content, or for any actions taken
in reliance thereon.
DENIAL OF SERVICE
1. Vietnamese distributed denial-of-service hacking suspect arrested.
Sophos reports that a man has been arrested in Vietnam for launching a distributed
denial-of-service attack against a commercial website. The attack on Vietco's website
caused heavy losses to the company. Nguyen Thanh Cong is suspected of beginning the
attack on the Vietnamese e-commerce site, www.vietco.com, in March 2006. The website,
which has 67,000 regular members, auctions cell phones and other consumer electronics.
Cong faces charges for creating a Trojan horse that exploited a flaw in Microsoft's
Internet Explorer. The Trojan, said to have been planted on a pornographic website,
turned unpatched computers into zombie PCs which were then ordered to repeatedly
request the Vietco site, overwhelming its servers.
Source: Department of Homeland Security, May 2, 2006
http://www.sophos.com/pressoffice/news/articles/2006/05/vietddos.html
2. Massive DoS attack knocks TypePad, LiveJournal blogs offline.
Millions of blogs hosted by LiveJournal and TypePad were unavailable throughout
Tuesday night, May 2, and into Wednesday morning, May 3, as a massive
denial-of-service attack struck their servers. The attack that brought down the servers
at Six Apart, the San Francisco company behind the LiveJournal and TypePad services
and the Movable Type blogging software, began at 4 p.m. PDT Tuesday, according to an
advisory posted to the firm's website by Michael Sippey, the vice president of product.
According to Sippey, service was interrupted for TypePad, LiveJournal, TypeKey,
sixapart.com, movabletype.org and movabletype.com.
Source: Tech Web, May 03, 2006
http://www.techweb.com/wire/security/187200053
FRAUD
3. Phishing study
A study conducted by Harvard and Berkeley shows that people, even those who should
know better, are still likely to be fooled by phishing sites. According to the report, up to
90% of participants in the study were fooled by a bogus URL meant to closely resemble
a legitimate banking site. The study, entitled "Why Phishing Works", notes that better
measures should be implemented to alert web users when sites are legitimate and when
they are not. Some highlights of the study:
* Cues that are supposed to help you judge whether a site is legitimate, such as the
address bar, status bar or security indicators, were not even looked at by 23% of
participants.
* There was no significant difference in performance between men and women, older
and younger people, or people of different education or web-savviness levels. In other
words, everybody was fooled at about the same rate.
* Other phishing sites that fooled most participants included a variety of fake PayPal
sites and a bogus E*Trade site.
Source: blogs.chron.com, May 05, 2006
http://www.crime-research.org/news/05.05.2006/1977/
4. Phishing hits bank's customers
A scam sent through WebMail last week, targeting the University of Arizona (UA)
campus, has prompted police and university officials to warn about giving away personal
information online. On the night of April 20 an e-mail was sent to almost all UA e-mail
addresses saying the recipient's DM Federal Credit Union account access had been
suspended. The e-mail asked customers to go online to restore their accounts, said
Eugene Mejia, UA Police Department spokesman. The e-mail was a phishing scam: the
use of hijacked corporate logos and deceptive e-mails to lure personal information from
unsuspecting victims. The information, usually credit card numbers, bank account details
or Social Security numbers, is then used to commit fraud. The Center for Computer
Information and Technology discovered the e-mails did not originate from DM Federal
Credit Union, although they contained logos and identifiers stolen from the company's
website.
Source: wildcat.arizona.edu, May 04, 2006
http://www.crime-research.org/news/04.05.2006/1982/
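Items 3 and 4 above turn on the same deception: a link or e-mail that shows a familiar brand name while actually pointing somewhere else, and the study found that most users never look at the cues that would reveal this. The Python below is an added example, not code from the NISER report or from the "Why Phishing Works" study, showing the checks a mail gateway or browser extension can run over a link before the user sees it: the brand name appearing only in a subdomain of an unrelated registrable domain, a typosquatted domain, a host written as an IP address, the user-info trick (www.etrade.com@203.0.113.5), and non-ASCII (homoglyph) characters in the host. The allowlist (paypal.com and etrade.com are named in item 3; examplebank.com is hypothetical), the shortlist of two-label public suffixes and the edit-distance thresholds are assumptions chosen for illustration; the sample URLs are constructed.

```python
"""Heuristic checks for URLs that imitate a legitimate banking or payment site.

Added example, not code from the NISER report or the "Why Phishing Works"
study.  The allowlist, the public-suffix shortlist and the distance thresholds
are assumptions for illustration; a real deployment would use the full Public
Suffix List and a maintained brand list.
"""
from urllib.parse import urlsplit
import ipaddress

# Assumed: registrable domains we treat as the genuine sites.  paypal.com and
# etrade.com are the brands named in the study; examplebank.com is hypothetical.
LEGIT_DOMAINS = {"paypal.com", "etrade.com", "examplebank.com"}

# Assumed shortlist of two-label public suffixes (the real list is much longer).
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "com.my", "com.vn"}


def registrable_domain(host: str) -> str:
    """Return the part of the host the operator had to register (eTLD+1)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_ip_literal(host: str) -> bool:
    """True for hosts such as 203.0.113.5 or [2001:db8::1]."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def classify_url(url: str) -> list[str]:
    """Return the deception cues found in the URL (empty list if none)."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    reasons = []

    # "http://www.etrade.com@203.0.113.5/" displays the brand but connects to
    # the IP after the '@'; the brand text is the user-info field.
    if "@" in parts.netloc:
        reasons.append("userinfo-before-host")
    if is_ip_literal(host):
        reasons.append("ip-literal-host")
        return reasons
    # Cyrillic or other look-alike letters in the host (homoglyph attack).
    if any(ord(c) > 127 for c in host):
        reasons.append("non-ascii-host")

    reg = registrable_domain(host)
    if reg in LEGIT_DOMAINS and not reasons:
        return []  # genuine site under an allowlisted registrable domain

    brands = {d.split(".")[0] for d in LEGIT_DOMAINS}
    # Brand name present only in a subdomain or hyphenated label, e.g.
    # www.paypal.com.account-verify.example: the study's "closely resembles" case.
    if reg not in LEGIT_DOMAINS and any(b in host for b in brands):
        reasons.append("brand-in-untrusted-domain")

    # Typosquat of the registrable label itself, e.g. secure-paypa1.com.
    # Threshold (assumed): 1 edit for short brands, 2 for longer ones.
    tokens = reg.split(".")[0].split("-")
    if any(token != brand
           and edit_distance(token, brand) <= (1 if len(brand) <= 6 else 2)
           for token in tokens for brand in brands):
        reasons.append("lookalike-domain")
    return reasons


if __name__ == "__main__":
    # Constructed sample links, as a phishing e-mail might carry them.
    for link in ("https://www.paypal.com/signin",
                 "http://www.paypal.com.account-verify.example/login",
                 "http://secure-paypa1.com/",
                 "http://www.etrade.com@203.0.113.5/login"):
        print(link, "->", classify_url(link) or "no cues")
```

Each cue is cheap to compute and none of them depends on the user reading the address bar, which is the gap the study identified. The registrable-domain step is the weak point of the heuristic: without the full Public Suffix List it will misjudge hosts under suffixes not in the shortlist.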
5. Internet job scam
Most of us deal with the Internet on a daily basis. We use it for information and
sometimes to find a job. Crime reporter Miranda Combs tells us about a scam going
around the Bluegrass that may hit home for you. To some, it could be the perfect
opportunity: you get an e-mail saying we've got a job for you, and you can do it all from
home. Or, according to Paul Simms of the Secret Service, it could be a perfect scam in
the works. "We have a business, it's overseas, what we need is to establish a U.S. base
and by doing that we need someone to run our accounts. So it's very easy, you can do
this out of your home," said Simms. "They usually do not want you to set up a bank
account in that business's name," he said. "They want you to set it up in your own
personal account." Simms says it's all about getting cash for checks. The fake company
will send you checks, then they want you to wire them the cash. "So what they'll say is
you're going to receive a $5000 check from a business, pay yourself from the proceeds
of that check, so you're not actually getting a paycheck from that business," said Simms.
Source: wkyt.com, May 12, 2006
http://www.crime-research.org/news/12.05.2006/1994/
HACK THREAT/INTRUSION
6. Apple online store hacked
Apple's Korean online store has been defaced by a hacker. The attack, carried out by
someone using the name 'Dinam', who claimed in his post to be Turkish, was brought to
the attention of silicon.com last Thursday. The defacement was removed from Apple's
website shortly after silicon.com alerted the company. Apple has since declined to
comment on the matter. Jason Hart, CEO of security company Whitehat UK, told
silicon.com: "The defacer has managed to get administrator access to the web server."
Although Hart suspected the hacker was after little more than "self-gratification"
through vandalising the site, he said Apple should tell its customers what happened to
end speculation.
Source: Silicon.com, May 3, 2006
http://networks.silicon.com/webwatch/0,39024667,39158606,00.htm
7. California man pleads guilty to bot attack
A 20-year-old California man has pleaded guilty to launching a botnet attack that
compromised computers at a Seattle hospital and several universities. Christopher
Maxwell, a Vacaville, Calif., resident, was accused of intentionally damaging a computer
he was not authorized to access and using it to commit fraud. He entered the guilty plea
on Thursday in federal district court in Seattle. In mid-2004, Maxwell and a group of
co-conspirators created a network of bots, or automated programs, using more than
13,000 commandeered computers, or zombies. Maxwell used the botnet to install adware
on the compromised computers, reaping commissions of approximately $100,000 for
himself and his co-conspirators, according to the initial complaint.
Source: CNET News.com, May 5, 2006
http://news.com.com/California+man+pleads+guilty+to+bot+attack/2100-7348_36069238.html?tag=alert
8. Hacker botnets attack!!!
Christopher Maxwell will have to pay more than $252,000 in restitution to a hospital and
the Department of Defense for his role in attacking thousands of computers with a botnet
that installed adware on target machines. A number of those machines belonged to
Northwest Hospital and Medical Center in north Seattle. Although AP reported that
patient care was not jeopardized thanks to backup systems, the attack caused several
other problems: it affected computers in the hospital's intensive care unit, disrupted
physicians' pagers and prevented doors to operating suites from opening. "Creating a
zombie network, or botnet, isn't a harmless game. In this case a hospital network was
affected, and patients' welfare could have been put at risk through the stupidity of the
hackers," said Graham Cluley, senior technology consultant for Sophos. The attacks also
hit hardware at the Headquarters 5th Signal Command in Mannheim, Germany, and at
the Directorate of Information Management at Fort Carson, Colorado.
Source: securitypronews.com, May 11, 2006
http://www.crime-research.org/news/11.05.2006/1991/
9. Ex-government employee sentenced for hacking
A former computer security specialist at the Department of Education has been
sentenced to five months in prison for hacking into his supervisor's PC. Kenneth Kwak,
34, of Chantilly, Va., admitted to installing remote-control software on the computer and
using that access to read his supervisor's e-mail and monitor his other Internet activity,
the U.S. Department of Justice said in a statement Friday. Kwak shared this information
with others in his office, the DOJ said. Kwak pleaded guilty last month to one count of
intentionally gaining unauthorized access to a government computer and thereby
obtaining information. He was sentenced on Friday in the U.S. District Court for the
District of Columbia. The five-month prison term is to be followed by five months of
home confinement.
Source: CNET News.com, May 12, 2006
http://news.com.com/Ex-government+employee+sentenced+for+hacking/2100-7350_36071928.html?tag=html.alert
SPAM
10. Smarter Spam Could Mimic Friends' Mail
The next generation of spam and phishing e-mails could fool both software filters and
the most cautious people, Canadian researchers said Sunday, by mimicking the way
friends and real companies write messages. John Aycock, an assistant professor of
computer science at the University of Calgary, and his student Nathan Friess presented
a paper Sunday at a security conference in Hamburg, Germany, outlining how junk
mailers, phishers and even spyware criminals could create slicker spam. Rather than
relying on mass quantities of spam, much of it now written in gibberish to slip past
anti-spam filters, tomorrow's criminals could plant malicious programs on compromised
computers, the spam "zombies" that already account for a large portion of spam sent.
Those programs, Aycock and Friess argued, would scan the e-mail in the zombie's inbox,
mine it for information and writing patterns, then crank out realistic-looking replies to
real messages.
Source: TechWeb News, May 1, 2006
http://www.techweb.com/headlines_week/showArticle.jhtml?articleId=187002202
11. Zombie computers the biggest source of spam
According to Internet security company Panda Software, zombie computers are now the
biggest source of spam on the Internet. A zombie is a computer infected with malware
that lets the sender of the malware take control of it. The malware most frequently used
to convert computers into zombies are 'bots', Trojans designed to respond automatically
to commands from their creators. Panda Software's finding comes in the wake of a call
by the OECD for better education of consumer computer users so that they have the
knowledge to install and maintain the necessary anti-virus and other security software
on their machines.
Source: itwire.com.au, May 07, 2006
http://www.crime-research.org/news/07.05.2006/1978/
12. Spammer gets 57 months of jail time
Concluding the first prosecution of its kind in the United States, a well-known member of
the "botmaster underground" was sentenced Tuesday to nearly five years in prison for
profiting from his use of "botnets" (armies of compromised computers) to launch
destructive attacks, to send huge quantities of spam across the Internet and to install
adware surreptitiously. Jeanson James Ancheta, 20, of Downey, California, was
sentenced to 57 months in federal prison by United States District Judge R. Gary
Klausner in Los Angeles. During the sentencing hearing, Judge Klausner characterized
Ancheta's crimes as "extensive, serious and sophisticated." The prison term is the
longest known sentence for a defendant who spread computer viruses. Ancheta pleaded
guilty in January to conspiring to violate the Computer Fraud and Abuse Act, conspiring
to violate the CAN-SPAM Act, causing damage to computers used by the federal
government in national defense, and accessing protected computers without
authorization to commit fraud.
Source: northcountrygazette.org, May 10, 2006
http://www.crime-research.org/news/10.05.2006/1986/
13. Spammers attack anti-spammers
Spammers have attacked anti-spam, anti-spyware company Blue Security's Web site,
stealing parts of the database to get customers' e-mail addresses. The spammers then
sent the company's users the following e-mail message, threatening those who did not
remove the company's free anti-spam download Blue Frog, according to a report in the
Israeli business newspaper Globes. "You are being emailed because you are a Blue
Security user. Blue Security's data base has now been distributed to the worst among
spammers. Within 48 hours, the database will be published on the Internet, and your
email will be open to a community of spammers," the e-mail said, according to the
report. "After this, you will see that spam to your mailbox increases 10 (to) 20 fold. Blue
Security was illegally attacking spammers, now spammers fight back. Remove Blue Frog
from your tray to avoid getting more spam."
Source: upi.com, May 12, 2006
http://www.crime-research.org/news/12.05.2006/1993/
VIRUS/WORMS/TROJANS
14. SANS exposes 'safe' technologies.
For the first time, Mac OS X vulnerabilities ranked number one in the SANS Institute's
quarterly Top 20 Internet Security Vulnerabilities report, published on May 1. Experts at
the SANS Institute said the vulnerabilities clarify an important point about non-Windows
systems. "There's a difference between 'safer' and 'more secure,'" says Ed Skoudis,
director of the SANS "Hacking Exploits" course curriculum and a senior security analyst
at Intelguardians. "There are fewer users on systems like the Mac or Mozilla, which
makes them less of a target for attackers, and therefore safer. But there's nothing
inherent in those systems that makes them more secure." SANS Top 20 Internet Security
Vulnerabilities report: http://www.sans.org/top20/2005/spring_2006_update.php
Source: Department of Homeland Security, May 1, 2006
http://www.darkreading.com/document.asp?doc_id=93759
15. Top ten malware threats and hoaxes reported to Sophos in April 2006
Sophos has revealed the top ten malware threats and hoaxes causing problems for
businesses around the world during the month of April 2006. The report, compiled from
Sophos's global network of monitoring stations, reveals that Netsky-P, which recently
celebrated its second birthday, has returned to the top of the virus chart, replacing
Zafi-B, which Sophos first protected against 22 months ago. However, as a proportion of
all malware, e-mail viruses and worms continue to decline: 86% of the threats discovered
by Sophos during April were Trojan horses, used by hackers to download malicious code,
spy on users, steal information or gain unauthorised access to computers. The top ten
viruses in April 2006 were: W32/Netsky-P; W32/Zafi-B; W32/Nyxem-D; W32/MyDoom-AJ;
W32/Netsky-D; W32/Mytob-FO; W32/Mytob-C; W32/Mytob-Z; W32/Dolebot-A;
W32/Mytob-AS.
Source: Sophos, May 2, 2006
http://www.sophos.com/pressoffice/news/articles/2006/05/toptenapr06.html
16. WOW Virus Targets Online Gamers
Security analysts at MicroWorld Technologies report that a new variant of the
password-stealing Trojan 'Trojan-PSW.Win32.WOW.x' is spreading fast, targeting account
holders of the online game 'World of Warcraft'. The Trojan also shuts down many
anti-virus and firewall programs on infected computers to avoid detection. World of
Warcraft is a multimillion-dollar business in which large sums change hands every
second. A gamer plays a character (avatar) in this fantasy game. Once the attacker has
a gamer's password, he can transfer the victim's in-game goods to his own account and
convert them into real currency through gaming-currency exchange websites.
Source: IT-Observer, May 2, 2006
http://www.it-observer.com/news/6217/wow_virus_targets_online_gamers/
17. World Cup virus season kicks off.
The FIFA World Cup 2006 tournament won't get underway in Germany until early June,
but virus writers are already attempting to cash in on the planet's most popular sporting
event with viruses aimed at deceiving eager soccer fans. Researchers at UK-based Sophos
released notification of a new attack that infects Microsoft Excel files and has been
disguised as a spreadsheet charting the national teams participating in the World Cup.
Identified by the security company as XF97/Yagnuul-A, the virus lives in an Excel file
that offers to help people set up fantasy sports competitions related to the international
soccer championship, and also attempts to market itself specifically to fans of the English
Premiership, one of the world's top professional leagues. Once the virus has infected a
PC, it uses the compromised machine to forward itself to other people and may also send
itself to addresses found in any e-mail client on the device, Sophos said. The Excel virus
marks the second World Cup-oriented attack identified by the company in the last week.
Source: eWeek, May 08, 2006
http://www.eweek.com/article2/0,1895,1959084,00.asp
OTHERS
18. Islamic militants recruit using U.S. video games
The makers of combat video games have unwittingly become part of a global
propaganda campaign by Islamic militants to exhort Muslim youths to take up arms
against the United States, officials said on Thursday. Tech-savvy militants from al-Qaida
and other groups have modified video war games so that U.S. troops play the role of bad
guys in running gunfights against heavily armed Islamic radical heroes, Defense
Department officials and contractors told Congress. The games appear on militant
websites, where youths as young as 7 can play at being troop-killing urban guerrillas
after registering with the site's sponsors. "What we have seen is that any video game
that comes out ... they'll modify it and change the game for their needs," said Dan
Devlin, a Defense Department public diplomacy specialist.
Source: ZDNet News, May 5, 2006
http://news.zdnet.com/2100-1040_22-6068963.html
19. Industrial control systems pose little-noticed security threat.
The electronic control systems that act as the nervous system for all critical
infrastructures are insecure and pose disastrous risks to national security, cybersecurity
experts warn. Supervisory control and data acquisition (SCADA) and process control
systems are two common types of industrial control system that oversee the operation of
everything from nuclear power plants to traffic lights. Their need for a combination of
physical security and cybersecurity has largely been ignored, said Scott Borg, director
and chief economist at the U.S. Cyber Consequences Unit, an independent research
group funded by the Department of Homeland Security. Control systems security is one
of six areas of critical vulnerability Borg included in a new cybersecurity checklist
released in April by the research group. The private-sector owners of critical
infrastructure refuse to release data and deny that their aging, inherently insecure
systems pose any security risk, said Dragos Ruiu, an information technology security
consultant to the U.S. government who runs several hacker conferences. Average
hackers can break into these systems, said Robert Graham, chief scientist at Internet
Security Systems. He, Borg and other experts fear that major cyberattacks on control
systems could have socio-economic effects as severe and far-reaching as Hurricane
Katrina.
Source: Federal Computer Week, May 8, 2006
http://fcw.com/article94273-05-08-06-Print
20. Beware! Cybercrime
Small firms have been warned to be on their guard against rising levels of cybercrime
by West Midlands IT firm Adecs. The Coventry company has been going to extra lengths
this month to emphasise to its customers the importance of protecting themselves
against computer crime. Figures recently released by the Government show that the cost
of computer crime to businesses in the UK has risen by 50 per cent over the last two
years. Amrik Bhabra, managing director of Adecs, said the figures were particularly
alarming for small businesses. "According to the latest statistics, firms will suffer an
average of eight security breaches a year," he said. "Large businesses have invested
heavily in security and are reaping the benefits."
Source: tmcnet.com, May 9, 2006
http://www.crime-research.org/news/09.05.2006/1989/
21. Downloading music online is a computer crime
Six computer users in the Mid-South have been sued by the Recording Industry
Association of America for illegally downloading music. It's a federal crime that many
people don't think about. More than forty-five hundred suits have been filed against
people who download music without paying for it. Laura Kyle thinks those who steal
music deserve to be caught: "There are people who create the music and the composers
and all should get a profit." It is actually fairly easy to track down those breaking the
law. Investigators browse the file-sharing sites and record the IP address each user
connects from; the address identifies the subscriber's Internet connection at that
moment, not the person at the keyboard. They then obtain a subpoena requiring the
Internet provider to disclose the subscriber's name, and sue the downloader. Maybe it
was your kids downloading the music. It doesn't matter: the person paying for the
Internet service is the one held responsible.
Source: wmcstations.com, May 9, 2006
http://www.crime-research.org/news/09.05.2006/1988/
22. Virginia official discusses the fight against cybercrime.
Gene Fishel, assistant attorney general in the Virginia Attorney General's office,
delivered the keynote address at Ziff Davis' "Enterprise Applications Virtual Tradeshow"
on Tuesday, May 9, where he gave some prime examples of computer crime and what IT
shops can do about it. Because two of the United States' Internet powerhouses, AOL and
MCI, are headquartered in Virginia, Fishel said that about 80 percent of Internet traffic
passes through Virginia at some point. This little-known fact is what gives the Virginia
Attorney General's office jurisdiction over many computer crimes. "It allows us as a state
to test computer crime laws before they go federal," said Fishel. "Spam is a good
example of that." The Virginia Attorney General's office was the first in the nation to
criminalize spam with its anti-spam law; there is now a federal law in place modeled on
Virginia's efforts.
Source: eWeek, May 9, 2006
http://www.eweek.com/article2/0,1895,1959790,00.asp