CyberIntel Source is a free service of Cyveillance providing data, reports and analysis on the latest security threats and trends.

Creativity and Sophistication in Recent Phishing Attack

  • Posted On: 04/14/2008 13:05:00

Cyveillance’s President and CEO, Panos Anastassiadis, was targeted by a new approach to an old scam, spear phishing. Earlier this morning, the following email was sent to Mr. Anastassiadis:

Like many other spear phishing attacks, the phisher performed research before launching his or her attack. Specifically, the individual was able to locate and use our CEO’s email address and the Cyveillance phone number in the email. This information was used to build additional credibility for the attack.

The email instructed Mr. Anastassiadis to appear in the US Courthouse on May 7, 2008 and provided a link to download the subpoena for specific information. Clicking on the link takes you to the following page:

As you can see, the Web page claims that the case has been closed and no further action is required from the visitor. However, clicking on the link will not only load this page, but will also download a Trojan-Downloader onto the computer that would not be detected by the majority of anti-virus products. Specific information about the malware used in the attack can be found at: http://www.virustotal.com/analisis/13bfb6913f9c328c7b657fce4ba4c731.

The size of this attack is not yet known, but security managers should ensure that personnel, especially executives, are aware of this latest phishing attack vector.

Google Policy Change Impacts UK Brand Holders

  • Posted On: 04/11/2008 14:18:39

Beginning May 5, 2008, Google will no longer protect brand holders against competitors bidding on their trademarked terms in pay-per-click advertising.  Previously, Google Adwords policy allowed trademark holders to eliminate the unauthorized use of their trademarks as bid terms by competitors.   Brand Republic has the story here.

At best, the policy change will increase bid prices requiring advertisers to pay more for ads triggered by their own marks.  At worst, the policy may result in more widespread customer diversion as well as increase fraud-related activity that uses pay-per-click as the attack vector.

Realistic Solution to the Malware Epidemic?

  • Posted On: 04/10/2008 15:12:26

It’s hardly newsworthy that security experts at the RSA Conference this week pointed to malware as the biggest threat facing the Internet today.  However, a more thought-provoking, if somewhat controversial, idea about malware was put out there by a noted security expert who offered that “the most effective approach to tackling botnets would be to impose penalties on people who allow their computers to become infected, making users take more responsibility.”  Read the story here.

While it’s critical that we explore new solutions, the idea of holding consumers responsible for becoming infected with malware is hard to imagine.  For starters, given that between 20 and 40 percent of malware is not detected by endpoint security software, is it reasonable to expect everyday Internet users to protect themselves from a continual barrage of malware-based attacks?  Our best and brightest security experts have been unable to address the malware threat.  Will a largely non-technical Internet audience significantly reduce malware problems because of the threat of penalties?

Clearly, consumers have a responsibility to take reasonable precautions in order to protect themselves from online attacks. But it’ll take new approaches by businesses, security providers and government to really make a dent in the problem. Consumers are the weak link in the security chain. Social engineering combined with increasingly sophisticated technical attacks are too much for the average Internet user to overcome. A big part of the malware solution has to be hardening the consumer against human-based vulnerabilities. Otherwise, we’ll create an Internet that is not practical for use by the average Joe.


Cross Site Scripting Meets Search Engine Optimization

  • Posted On: 04/02/2008 18:46:22

Yesterday’s revelation that certain Google search results contain tainted URLs that simultaneously take consumers to their intended site, as well as redirect them to a second site for the purpose of installing malware, shows the bad guys continue to get creative.  Read about it here in USA Today.  Cross-site scripting, phishing and web-delivered malware are not new threats, but the combination of these elements along with proven search engine optimization techniques poses a pretty lethal combination.

Hopefully, Google will take steps to protect its customers from these attacks.  Web site operators can do their part, too.  You can help protect your Web site from cross-site scripting attacks by ensuring that your application validates all headers, cookies, query strings, form fields and hidden fields, and encodes untrusted values before writing them back into a page.
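The advice above (validate every input source, then encode on output) is easier to apply with a concrete shape in mind. The following is an added example, not code from Cyveillance or from any site discussed on this page; the request, the hypothetical shop application's field names, and the allowlist patterns are all constructed for illustration. It applies a default-deny allowlist to each of the five input sources the post names and shows the HTML-escaped render beside the raw one.

```python
import html
import re
from typing import List
from urllib.parse import parse_qs

# Constructed request for a hypothetical shop application (not real traffic):
# the five input sources the post names, with hostile values in three of them.
SAMPLE_REQUEST = {
    "headers": {"Referer": "http://shop.example/search?q=<script>alert(1)</script>"},
    "cookies": {"lang": "en<img src=x onerror=alert(1)>"},
    "query": "q=running shoes&page=2",
    "form": {"name": "Alice"},
    "hidden": {"product_id": "17 OR 1=1"},
}

# One allowlist pattern per expected field. Any field that is not listed, in any
# source, is rejected: hidden fields and cookies are attacker-controlled too.
RULES = {
    "headers": {"Referer": re.compile(r"^https?://[\w.-]+(:\d+)?(/[\w./?=&%+-]*)?$")},
    "cookies": {"lang": re.compile(r"^[a-z]{2}(-[A-Z]{2})?$")},
    "query":   {"q": re.compile(r"^[\w .-]{1,64}$"), "page": re.compile(r"^\d{1,4}$")},
    "form":    {"name": re.compile(r"^[A-Za-z' -]{1,64}$")},
    "hidden":  {"product_id": re.compile(r"^\d{1,10}$")},
}


def validate_request(req: dict) -> List[str]:
    """Return the sorted 'source.field' names that fail validation (empty = clean)."""
    failed = []
    for source, rules in RULES.items():
        values = req.get(source, {})
        if source == "query":
            # Raw query string -> first value of each parameter.
            values = {k: v[0] for k, v in parse_qs(values, keep_blank_values=True).items()}
        for field, value in values.items():
            rule = rules.get(field)
            if rule is None or not rule.fullmatch(value):
                failed.append(f"{source}.{field}")
    return sorted(failed)


def render_greeting_unsafe(name: str) -> str:
    """The pattern behind reflected XSS: untrusted text pasted straight into markup."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Output encoding for the HTML text context; pairs with the input validation above."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


if __name__ == "__main__":
    print("rejected:", validate_request(SAMPLE_REQUEST))
    print(render_greeting_unsafe("<script>alert(1)</script>"))
    print(render_greeting_safe("<script>alert(1)</script>"))
```

Validation alone is not enough: a legitimate name such as O'Brien passes the form rule yet still needs escaping in the HTML context, which is why the safe renderer encodes regardless of what validation accepted.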

The Growing Imperative for Cyber Intelligence

  • Posted On: 04/01/2008 14:15:15

Today’s front page article in USA Today points out the growing importance that intelligence gleaned from the open source Internet plays in national security.  Excerpts:  

The explosion of information available via the Internet and other public sources has pushed the collection and analysis of that material to the top of the official priority list in the spy world, intelligence officials say.

Open sources can provide up to 90% of the information needed to meet most U.S. intelligence needs, Deputy Director of National Intelligence Thomas Fingar said in a recent speech.

Not Your Father's Oldsmobile

  • Posted On: 04/01/2008 14:01:41

It appears that the recently retired Oldsmobile brand will soon return as a Japanese car.    Even more surprising, Toyota was able to obtain the rights to the Olds brand because GM failed to process the appropriate paperwork to re-register the brand name.   Read about it here. 

There can’t be an easy way to tell your boss that you just lost a 100+ year old brand to a procedural error.  On the positive side, Oldsmobile may now see their reliability ratings soar.

Malware Used to Steal Credit Card Data at Hannaford

  • Posted On: 03/31/2008 13:04:11

eWeek updates the Hannaford data breach story, explaining that malware was found to be present on the Web servers located in every grocery store owned by the chain.  While the source of the malware remains unknown, the data breach exemplifies the damage that purpose-built malware can inflict on its target.

The malware used in the Hannaford attack apparently captured Track 2 credit card information as part of the authorization process.  With relative ease, criminals in possession of Track 2 data can create counterfeit plastic credit cards embedded with real customer data in the magnetic stripe of the card for use in “card present” transactions.  So in this case, the online malware attack vector was likely designed to facilitate offline fraudulent transactions.
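Track 2 data has a fixed, recognisable layout, which is what makes it both easy for malware to harvest and easy for a defender to spot where it should never be (debug logs, memory captures, outbound payloads). The following is an added detection example, not Cyveillance's code and not anything from the Hannaford investigation; the log excerpt is constructed and uses a standard test card number rather than a real one. It scans a buffer for Track 2 records, confirms the PAN with the Luhn check so random digit runs are not flagged, and reports a masked PAN only.

```python
import re
from typing import Dict, List

# Constructed sample (not real data): authorization log lines that leak a Track 2
# record, plus a short decoy that has the sentinels but is not Track 2.
# 4111111111111111 is a widely used test PAN, not a customer card.
SAMPLE_BUFFER = (
    "2008-03-17 12:00:01 auth id=1734 result=approved\n"
    "2008-03-17 12:00:01 debug raw=;4111111111111111=1012101123456789?\n"
    "2008-03-17 12:00:02 auth id=1735 result=approved note=;1234=9999?\n"
)

# Track 2 layout: ';' start sentinel, PAN (13-19 digits), '=' separator,
# expiry as YYMM, 3-digit service code, discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_valid(pan: str) -> bool:
    """Mod-10 check that card PANs satisfy; filters out look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits in any report or alert."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buffer: str) -> List[Dict[str, object]]:
    """One finding per Track 2 record whose PAN passes the Luhn check."""
    findings = []
    for line_no, line in enumerate(buffer.splitlines(), start=1):
        for m in TRACK2_RE.finditer(line):
            pan, expiry_yymm, service_code, _discretionary = m.groups()
            if not luhn_valid(pan):
                continue          # right shape, but not a card number
            findings.append({
                "line": line_no,
                "masked_pan": mask_pan(pan),
                "expiry_yymm": expiry_yymm,
                "service_code": service_code,
            })
    return findings


if __name__ == "__main__":
    for f in find_track2(SAMPLE_BUFFER):
        print(f"line {f['line']}: Track 2 record for {f['masked_pan']} "
              f"(exp {f['expiry_yymm']}, service code {f['service_code']})")
```

Running the same scan over process memory dumps or captured outbound traffic from point-of-sale hosts gives a cheap indicator that card data is being retained or exfiltrated beyond the authorization path.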


Euro 2008 Football Tickets Site Hacked

  • Posted On: 03/27/2008 14:11:02

The online ticket site EuroTicketShop.com was identified as distributing malware to visitors when they attempted to buy tickets for the upcoming soccer tournament.  According to a security alert from Sophos, as reported in ComputerWorld, hackers were able to inject malicious code into the site, which was then downloaded to the computers of fans visiting the legitimate ticket site.  The article points out that Google pay-per-click advertisements were being used to attract visitors to the hacked site as well.

The use of a sporting event-related site for the distribution of malware is not a new occurrence.  Back in 2007, the site of the Super Bowl host Miami Dolphins was hacked for a similar purpose. 

The use of legitimate sites as a threat vector is increasing.  In the last quarter of 2007, Cyveillance found that more than 51% of all phishing sites were being hosted on hacked, legitimate web sites. 

Phishing for AdWords

  • Posted On: 03/25/2008 10:10:55

Search Engine Roundtable reports a new round of phishing attacks that target the credit and debit card numbers of Google AdWords customers.  This more classic form of phishing, in that a Web form is served up to collect financial information, is different from the AdWords malware fraud reported earlier this month.  Don’t be surprised if future variants of these phishing attacks target login credentials so the phishers can take control of the accounts and serve up fraudulent advertisements to lure consumers to bogus Web sites.

Gossip Gone Crazy

  • Posted On: 03/21/2008 14:25:44

Juicy Campus, the site created so that college kids can anonymously dish about, and in some cases slander, their fellow students is rekindling debates about Internet anonymity.   For students who find themselves victimized by malicious comments, the nature of Juicy Campus leaves them little recourse for having the postings removed and identifying the responsible parties for potential libel claims.

Although many students have called for a boycott, the growing negative sentiment directed at Juicy Campus may not be dissuading people from using the site.  It has, however, gotten the attention of officials in the State of New Jersey.  According to the Chronicle of Higher Education:

[The State of New Jersey] is exploring whether the site is in violation of the New Jersey Consumer Fraud Act. Investigators issued a subpoena to Juicy Campus this week seeking information about how the college affiliation of users is verified, how the site enforces its policy of requiring users under 18 years old to submit a parental release form, and other details about its business practices.

As more companies enable their sites for user generated content, it’s going to require that enterprises monitor the content contributed by visitors to identify everything from injections of malicious software to slanderous postings.