Web Security

2012-02-02T03:28:00.000-08:00

Counterclank: Info-stealing Trojan or advertising tool?

Posted on 31.01.A couple of days ago, Symantec has warned about Counterclank, an Android Trojan that has been unknowingly installed by users on over five million devices.

This huge number was possible because the Trojan has been grafted onto a number of applications available for download on the official Android Market.

Having analyzed and recognized Counterclank as a variant of the Tonclank Android Trojan, the researchers have come to the conclusion that it has been created by the same developer - a company that distributes a software development kit (Apperhand) to third parties to help them monetize their applications, primarily through search.

Counterclank records and send information such as the device's IMEI, brand, manufacturer, model, and Android OS version, metrics such as screen size and resolution, the user's language preference, the browser user agent and the identity of the application using the software development kit.

Apart from that, it is also capable of setting the device's browser's homepage, create bookmarks and shortcuts on the home screen. According to them, the homepage, bookmarks, and shortcuts can be sent to searchwebmobile.com, a domain belonging to Infospace, a firm that pays money to applications that redirect search queries through their website.

Although Symantec considers these apps and Counterclank as malware, others disagree. Lookout says that it is "an aggressive form of ad network" that does not appear to be malicious, but that should, nonetheless, be taken seriously.

"Due to the combined behavior of the applications, negative feedback from users who installed the applications, and the fact that previous applications (Android.Tonclank) using this code were initially suspended from the Google Market, we chose to notify users of Counterclank," reiterated Symantec.

"We have also submitted a ticket to Google for the removal of Counterclank from the Android Market. Google replied quickly informing us the applications met their Terms of Service and they will not be removed. We expect in the future there may be many similar situations where we will inform users about an application, but the application will remain in the Google Android Market."

സോണി സൈറ്റുകള്‍ വീണ്ടും ഹാക്ക് ചെയ്തു

2011-05-26T23:26:00.001-07:00

പ്രമുഖ ഇലക്ട്രോണിക്ക് കമ്പനിയായ സോണി കോര്‍പ്പറേഷന്റെ ഗ്രീസിലേതുള്‍പ്പടെ മൂന്നു രാജ്യങ്ങളിലെ വെബ്‌സൈറ്റുകള്‍ ഹാക്ക് ചെയപ്പെട്ടു. കമ്പനിയുടെ ഗ്രീസിലെ മ്യൂസിക്ക് എന്റര്‍ടെയിന്‍മെന്റ് ശൃംഖലയില്‍ കടന്നു കയറിയ ഹാക്കര്‍മാര്‍ 8500ഓളം ഉപഭോക്താക്കളുടെ അക്കൗണ്ട് വിവരങ്ങള്‍ ചോര്‍ത്തിയതായും കമ്പനി വ്യക്തമാക്കി.

കമ്പനിയുടെ പ്ലേ സ്റ്റേഷന്‍ നെറ്റ്‌വര്‍ക്കില്‍ ഈയിടെയുണ്ടായ ആക്രമണത്തിന് പിന്നാലെ സുരക്ഷ ശക്തമാക്കാന്‍ നടപടികള്‍ കൈക്കൊള്ളുന്നതിനിടയിലാണ് രണ്ടാമതും ഹാക്കര്‍മാര്‍ നുഴഞ്ഞു കയറിയത്. കഴിഞ്ഞ തവണയുണ്ടായ ആക്രമണത്തെ തുടര്‍ന്ന് കമ്പനിയുടെ ഒരു കോടി ഉപഭോക്താക്കളുടെയെങ്കിലും അക്കൗണ്ടുകള്‍ തകര്‍ന്നിരുന്നു.

പുതിയതായി ഉണ്ടായ ആക്രമണത്തില്‍ ഏകദേശം 8500 പേരുടെ പാസ്‌വേഡുകളും ടെലിഫോണ്‍ നമ്പറുകളുമടക്കമുള്ള സ്വകാര്യ വിവരങ്ങള്‍ ചോര്‍ന്നിട്ടുണ്ടെന്ന് കമ്പനി പറഞ്ഞു. തായ്‌ലന്‍ഡിലെയും ഇന്‍ഡോനേഷ്യയിലെയും യൂണിറ്റുകളിലും ഹാക്കര്‍മാര്‍ നുഴഞ്ഞു കയറുകയും വെബ്‌സൈറ്റില്‍ മാറ്റങ്ങള്‍ വരുത്തുകയും ചെയ്തിട്ടുണ്ട്.

Facebook plugs third-party access to user accounts

2011-05-17T04:38:00.000-07:00

Tokens are like "spare keys" that Facebook users grant to applications that allow them to perform actions on their behalf or access their profile.

Facebook has plugged a hole that was inadvertently providing advertisers and other third parties access to user accounts via tokens that serve as "spare keys," Symantec said today after disclosing the problem to the social-networking company.
"Facebook was notified of this issue and has confirmed this leakage," Nishant Doshi, a senior software engineer at Symantec, wrote in a blog post. "Facebook notified us of changes on their end to prevent these tokens from getting leaked."

"We estimate that as of April 2011 close to 100,000 applications were enabling this leakage," Doshi wrote. "We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties."

A Facebook spokesperson told CNET that the company could not find any evidence that private user information was being shared with unauthorized third parties and that contractual obligations prohibit advertisers and developers from obtaining or sharing user information in a way that violates the site's policies.
"We have no evidence of this information being used in a way that violated our policies, but nonetheless, we take any potential issue seriously and quickly took steps to prevent this from happening with apps on Facebook," a company statement said.

User access tokens, which are akin to "spare keys," allow applications to perform certain actions on behalf of the user or to access the user's profile, according to Doshi. Most tokens expire after a short time, but the application can request offline access tokens, which allow them access until the user changes the password, even when the user is not logged in, according to his post.

The leak was happening when an application used a legacy Facebook application programming interface with older authentication schemes, instead of the new OAuth 2.0 data sharing protocol, Doshi said. (Google began supporting OAuth in mid-2008.) If certain parameters were used in the coding, the tokens would be sent in a URL to the application host, and from there could be leaked to advertisers and analytic platforms via iFrame applications embedded in the page, he said.

Its unclear how many people are affected by this problem.

"There is no good way to estimate how many access tokens have already been leaked since the release Facebook applications back in 2007," Doshi wrote. "We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers."
Facebook users can change their passwords to invalidate any leaked access tokens, effectively changing the lock on your profile, he said.

The Symantec research prompted Facebook to make some changes in its developer road map, including requiring all sites and apps to migrate to OAuth 2.0 and obtain an SSL (secure sockets layer) certificate by October 1.

"We have been working with Symantec to identify issues in our authenticationflow to ensure that they are more secure," the company said in a post on its developer blog. "This has led us to conclude that migrating to OAuth & HTTPS (Hypertext Transfer Protocol Secure) now is in the best interest of our users and developers."
Joey Tyson, a security engineer at Gemini Security Solutions who blogs about social networking at TheHarmonyGuy.com, said Facebook has been progressively improving the security of its platform and that many apps have limited permissions now. "This is a problem worth addressing, but it may not be as serious as some people are thinking it is, and it's certainly not as widely exploited as some people may fear," he said.

Facebook fixes bug, but 'Nicole Santos' hoax lives on

2011-05-17T00:32:00.000-07:00

Facebook has fixed a bug that allowed malware to take over accounts and spread overnight, but the "Nicole Santos" hoax has turned into a viral sensation.

The hoax was evident on pages littered with wall posts that use profanity and urge people to "vote for Nicole Santos." The posts say that the only way to remove them is to disable them by clicking a "remove this app" link below the post. Doing so allows the malicious code to access your Facebook account and post the hoax to your friends' pages.

"This spam was spread by a vulnerability in our code and we worked quickly to resolve this matter," Facebook said in a statement today. "The bug caused a small number of spam comments to be posted to users' walls, and we are in the process of cleaning up any spam it may have caused."
Basically, the vulnerability allowed people to post malicious code in comments and they were treated as URLs and allowed to spread. The bug improperly allowed a specific category of URLs (javascript: URLs), according to Facebook. The company is removing the posts from users' pages, but the malware continues to spread when people click on the links.
Users should not click on the links or on any links that are circulating that require people to "'Verify you account to prevent spam,' as this may be how the hack gains access to your Facebook wall in the first place," reports The Next Web. "Simply block the friend sending it to you as their account is now compromised. Once the problem has been fixed by Facebook you can re-enable them."
The Facebook hoax has already taken on a life all its own. "Nicole Santos" was a trending topic on Twitter and a bunch of anti-Nicole Santos Facebook pages were created. Someone began selling a "Vote for Nicole Santos" shirt on e-commerce site Etsy. And a comedian created a rap music video called "You Just Got Hacked: A Nicole Santos Musical Parody." Which all leads us to the question of who is Nicole Santos?

The Spam King is free again, claims his spamming days are over

2011-03-04T22:23:00.000-08:00

Robert Soloway, one of the most prolific spammers whose activities earned him the nickname Spam King, has been released from prison after a little less than 4 years inside.

He is allowed to go back online, but according to his plea deal, probation officers will monitor his e-mail correspondence and which websites he visits for the next three years.

“If I send out spam e-mails, that’s a violation of my probation. End of story,” he said to Wired. “I’m being very careful. If I send out an e-mail, I’m not even going probably to CC it. I’ll send a unique e-mail to each person.”

After and estimated 10 trillion spam e-mails sent doing his "career", teaching other people to spam, selling spam packages and using botnets to spread the e-mails - and living the good life during all that time - he now lives in a modest studio apartment in Seattle and works in a print shop.

He says he learned the lesson and now wants to help businesses and consumers avoid spam. “I don’t expect anyone to trust anything I say until they see me making good,” he declared. "I would like to assist in some way by basically revealing what went on inside the cybercrime industry."

Virus yearbook 2010

2010-12-21T05:34:00.000-08:00

PandaLabs is closing the year with a look at some of the unique and noteworthy viruses that have appeared over the last twelve months. The list of viruses is vast and varied, since in 2010, PandaLabs received more than 20 million new strains of malware.

This compilation does not contain the most prolific threats or those that caused the most infections, but is simply some of the more interesting viruses.

The viruses that are included in the 'Virus Yearbook 2010' are:

The Mischievous Mac Lover: This title was earned from a remote-control program with the unsettling name of HellRaiser.A. This virus only affects Mac systems and needs user consent to install on a computer. Once installed, it can take remote control of the system and perform a host of functions, including opening the DVD tray.

The good samaritan: Bredolab.Y came disguised as a message from Microsoft Support claiming that a new security patch for Outlook needed to be installed immediately. Upon download, users were exposed to the SecurityTool rogueware, which told users their systems were infected and then offered a fake solution that many fell for and purchased.

Linguist of the year: MSNWorm.IE emerged as a virus that was distributed via MSN Messenger with a link tempting the user into viewing a photo. This virus was created in 18 languages and always featured an emoticon at the end ":D" of each note.

The most audacious: The Stuxnet malicious code was designed to target SCADA systems, i.e. critical infrastructures. The worm exploits a Microsoft USB security hole and has the sole intention of silently manipulating the core of industrial control systems.

The most annoying: Oscarbot.YQ was a virus that infected your computer and continually prompted a pop-up window to ask users, "Are you sure you want to close the program? Yes - No?" Regardless of how many times users would close the window the same screen would appear repeatedly.

The most secure worm: Clippo.A, a name that might remind some users of "Clippy," the Microsoft office assistant, is the most secure worm. Once installed on a computer, it password-protects all office documents. A user then can't open any documents without a password. There is no financial motivation for this worm, but it is yet another example of an annoying virus.

A victim of the crisis: Viruses oftentimes mirror the state of the global economy. Typically, all ransomware (programs that block computers and demand a ransom to release them) demands a fee upwards of $300 to unblock a program. During the current financial crisis, however, PandaLabs discovered Ransom.AB, which was blocks the computer and asks for a mere $12 for a code to unblock it.

The Most Economical: SecurityEssentials2010 was a virus that served as a fake counterpart to the official Microsoft antivirus product. Classified as adware, this acted like any other fake antivirus and alerted users to infections on their computers. Since the design and warning looked so authentic, many users were duped into buying the fake solution, making it one of the top 10 infections of 2010.

Vendor creates malware to sell its anti-malware product

2010-12-20T21:43:00.000-08:00

Chinese antivirus software companies seem to have a unusual strategy for keeping its services and products in demand - secretly developing threats themselves and unleashing them online, then turning around and making their products detect and remove them.

This is supposedly a well known open secret in the industry, and the fact has come to light in the recent territory war between to Chinese antivirus companies - Rising Antivirus and Eastern Micropoint - which resulted in the 11 months long imprisonment of Micropoint's VP Tian Yakui and the suspended death sentence of one Yu Bing, who used to be the director of the Internet monitoring department of Beijing’s Municipal Public Security Bureau.

According to The Register, Bing has allegedly been receiving bribes from Rising to push the company's agenda and hinder that of Micropoint, which resulted in him mounting a sham investigation against Micropoint and falsely accusing their executives of releasing malware they have developed in the wild in order to boost their sales - and ended up with Tian's incarceration.

Subsequently, Micropoint had been seized on Yu's orders, sent to Rising and he made sure that China's only antivirus testing facility would reject its application for assessment in order to receive the proper certifications.

Yu also used misused his position by issuing a warning to the public about a specific computer virus, and advising them to use Rising's software to clean their computers.

Whether or not he deserved to be sentenced to death for his crime is debatable, but these revelations and ensuing comments by industry insiders have revealed that developing malware just to kill it is a "sound moneymaking strategy and makes good business sense", reports The Epoch Times.

Supposedly, that was the main strategy used by most antivirus vendors in the 1990s, but has been used less and less after 2000. Although, it seems, is still used by some - the virus that Micropoint has been accused of developing and releasing into the wild, was allegedly created by Rising.

Malware spread via Google, Microsoft ad network

2010-12-20T21:42:00.000-08:00

A number of online ad networks - including the two largest, Google's DoubleClick and Microsoft's Media Network - have been found unknowingly spreading malware via compromised ads provided by a malicious "company" impersonating the legitimate ad serving and marketing firm AdShuffle.

A simple visit to various sites - among which are also the high-profile realestate.msn.com, msnbc.com, mail.live.com, and many others - triggered the malicious javascript served from ADShufffle.com (three f's) which started the drive-by download.

Taking advantage of a variety of IE, Adobe Reader, Java, and other PC software bugs, the attackers have manage to install backdoors that allow them to access the compromised computers and HDD Plus, a fake system optimization tool that makes it seem like the system is failing and asks the users to purchase a license in order to make things right:

It took a while for security firm Armorize to discover how the malware was spread, and as soon as they did, they informed the ad networks.

There is a variety of reasons why the scam wasn't detected sooner, but among them is the fact that the exploit themselves had been successfully obfuscated and that the detection rate by antivirus solution was exceptionally low.

The good news is that these bugs are known and have already been patched, so users who kept their software and antivirus solutions updated were not at risk.

വിക്കിലീക്ക്‌സിനായി സൈബര്‍യുദ്ധം: അടുത്തലക്ഷ്യം ഫെയ്‌സ്ബുക്കും ട്വിറ്ററും?

2010-12-11T08:20:00.000-08:00

"വിക്കിലീക്ക്‌സിന് വേണ്ടി സൈബര്‍യുദ്ധം അഴിച്ചുവിട്ടിട്ടുള്ളവരുടെ അടുത്ത ലക്ഷ്യം, സൗഹൃദക്കൂട്ടായ്മകളായ ഫെയ്‌സ്ബുക്കും ട്വിറ്ററുമാണെന്ന് റിപ്പോര്‍ട്ട്. വിക്കിലീക്ക്‌സിനെതിരെയുള്ള അമേരിക്കന്‍ നീക്കത്തിന് സഹായം ചെയ്ത സൈറ്റുകള്‍ക്കെതിരെ രണ്ട് ദിവസമായി വ്യാപകമായ ആക്രമണമാണ് നടന്നത്. 'ഹാക്കിവിസ്റ്റുകള്‍' നടത്തുന്ന ആക്രമണത്തില്‍ മാസ്റ്റര്‍കാര്‍ഡിന്റെ സര്‍വീസ് തടസ്സപ്പെട്ടു. വിസയുടെയും പേപാലിന്റെയും സൈറ്റുകളും ആക്രമിക്കപ്പെട്ടു. ആക്രമണങ്ങളെക്കുറിച്ച് അന്വേഷിക്കുമെന്ന് യു.എസ്.സര്‍ക്കാര്‍ പ്രഖ്യാപിച്ചിട്ടുണ്ട്. ഇന്റര്‍നെറ്റില്‍ സ്വതന്ത്ര ആശയപ്രകാശനത്തിനായി നിലകൊള്ളുന്ന ഒരു സംഘം അജ്ഞാത ഹാക്കര്‍മാരാണ്, വിക്കിലീക്ക്‌സിന് വേണ്ടി സൈബര്‍യുദ്ധം നയിക്കുന്നത്. ഈ ഗ്രൂപ്പുമായി ബന്ധമുള്ളവരുടെ അക്കൗണ്ടുകള്‍ നിര്‍ത്തലാക്കുന്ന നടപടി ഫെയ്‌സ്ബുക്കും ട്വിറ്ററും സ്വീകരിച്ചതിനെ തുടര്‍ന്നാണ് ഈ സൗഹൃദക്കൂട്ടായ്മാ സൈറ്റുകള്‍ ആക്രമിക്കപ്പെടാനുള്ള സാധ്യത വര്‍ധിച്ചതെന്ന് റിപ്പോര്‍ട്ടുകള്‍ പറയുന്നു.

What is a Virus?

2010-10-14T23:32:00.001-07:00

A virus is a man made program or piece of code that causes an unexpected, usually negative, event. Viruses are often disguised games or images with clever marketing titles

What is Spyware?

2010-10-14T23:31:00.001-07:00

Spyware is a wide range of unwanted programs that exploit infected computers for commercial gain. They can deliver unsolicited pop-up advertisements, steal personal information (including financial information such as credit card numbers), monitor web-browsing activity for marketing purposes, or route HTTP requests to advertising sites.

What is Phishing?

2010-10-14T23:29:00.001-07:00

Phishing is a form of criminal activity using social engineering techniques through email or instant messaging. Phishers attempt to fraudulently acquire other people’s personal information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication.

What is a Trojan Horse?

2010-10-14T23:28:00.000-07:00

Trojan horse program is a malicious program that pretends to be a begin application; a Trojan horse program purposefully does something the user does not expect. Trojans are not viruses since they do not replicate, but Trojan horse programs can be just as destructive.

Many people use the term to refer only to non-replicating malicious programs, thus making a distinction between Trojans and viruses.

Bugat Trojan linked to LinkedIn phishing campaign

2010-10-12T23:35:00.000-07:00

Researchers have discovered a new version of the Bugat financial malware used to commit online fraud. Bugat was distributed in the recent phishing campaign targeting LinkedIn users, which was generally considered to be trying to infect machines with the more common Zeus Trojan.

The emergence of this new version of Bugat appears to be an attempt by criminals to diversify their attack tools using a platform that is less well known and therefore harder to detect and block.

Bugat is similar in functionality to its better known financial malware brethren Zeus, Clampi and Gozi. It targets Internet Explorer and Firefox browsers and harvests information during online banking sessions. The stolen financial credentials are used to commit fraudulent Automated Clearing House (ACH) and wire transfer transactions mostly against small to midsized businesses, which result in high-value losses. Bugat is three times more common in the US than Europe, but its distribution is still fairly low.

'ആസ്‌പ്രോസ്' പുതിയ വില്ലന്‍; സര്‍ക്കാര്‍ വെബ്‌സൈറ്റുകള്‍ ഭീഷണിയില്‍

2010-09-17T10:24:00.000-07:00

തിരുവനന്തപുരം: സംസ്ഥാന സര്‍ക്കാരിന്റെ ഇരുന്നൂറോളം വെബ്‌സൈറ്റുകള്‍ സുരക്ഷാ ഭീഷണിയിലെന്ന് വിദഗ്ധ റിപ്പോര്‍ട്ട്. അന്താരാഷ്ട്ര സുരക്ഷാമാനദണ്ഡങ്ങളില്‍ ഉള്‍പ്പെടുന്ന പതിനഞ്ചോളം നിര്‍ദേശങ്ങള്‍ പാലിക്കാതെയാണ് പല സൈറ്റുകളും രൂപകല്‍പ്പന ചെയ്തിട്ടുള്ളതെന്നും റിപ്പോര്‍ട്ട് പറയുന്നു.

ഇന്‍റര്‍നെറ്റില്‍ കൂടിയുള്ള തീവ്രവാദപ്രചാരണവും സൈബര്‍ ആക്രമണവും നുഴഞ്ഞുകയറ്റവും ചെറുക്കാന്‍ രൂപവത്കരിച്ച ' കമ്പ്യൂട്ടര്‍ എമര്‍ജന്‍സി റെസ്‌പോണ്‍സ് ടീം-കേരള (സേര്‍ട്ട് -കെ)' യാണ് സംസ്ഥാന സര്‍ക്കാരിന്റെ വെബ്‌സൈറ്റുകളിലെ സുരക്ഷാ പ്രശ്‌നങ്ങള്‍ ചൂണ്ടിക്കാണിച്ചത്. സംസ്ഥാന സര്‍ക്കാരിന്റെ രണ്ട് വെബ്‌സൈറ്റുകളില്‍ ഈയിടെയുണ്ടായ ഗുരുതരമായ ആക്രമണത്തെക്കുറിച്ചും സേര്‍ട്ട്-കെ റിപ്പോര്‍ട്ട് ചെയ്തിട്ടുണ്ട്. 'അസ്പറോസ്' (Asproz) എന്ന വൈറസ് ആണ് രണ്ട് വെബ്‌സൈറ്റുകളെ അക്രമിച്ചിട്ടുള്ളത്. കീ-പാഡിലെ ക്ലിക്ക് ഇല്ലാതെ തന്നെ സ്വന്തം നിലയ്ക്ക് വെബ്‌സൈറ്റ് സെര്‍വറുകളില്‍ പ്രവേശിക്കാന്‍ കഴിവുള്ള ദുഷ്ടപ്രോഗ്രാമുകളുടെ ('മാല്‍വേര്‍') വിഭാഗത്തില്‍പ്പെട്ട പ്രോഗ്രാമാണ് ആസ്പറോസ്.

സേര്‍ട്ട്-കേരളയുടെ മാതൃസംഘടനയായ 'സേര്‍ട്ട്-ഇന്ത്യ' യാണ് ആസ്പറോസിനെക്കുറിച്ച് സേര്‍ട്ട്-കേരളയ്ക്ക് റിപ്പോര്‍ട്ട് ചെയ്തിട്ടുള്ളത്. കേന്ദ്രസര്‍ക്കാരിന്റെ നൂറുകണക്കിന് വെബ്‌സൈറ്റുകളെ നിരീക്ഷിക്കാനും നുഴഞ്ഞുകയറ്റം തടയാനും 2004-ല്‍ രൂപവത്കരിച്ച സേര്‍ട്ട്-ഇന്ത്യയുടെ സംസ്ഥാനതല നോഡല്‍ ഏജന്‍സിയായിട്ടാണ് സേര്‍ട്ട്-കേരള രൂപവത്കരിച്ചത്. ഇന്ത്യയില്‍ ആദ്യമായാണ് ഒരു സംസ്ഥാനം ഇത്തരമൊരു നീക്കം നടത്തുന്നത്. സേര്‍ട്ട്-കേരള സാങ്കേതികമായി മൂന്നുമാസം മുമ്പ് നിലവില്‍ വന്നുകഴിഞ്ഞു. സി-ഡാക്കിലെ ശാസ്ത്രജ്ഞന്‍ എന്‍.കൃഷ്ണനെ ഇതിന്റെ തലവനായി നിയമിച്ചിട്ടുമുണ്ട്.

ഈ സ്ഥാപനത്തിന് സ്വയംഭരണാവകാശം നല്‍കാനും കൂടുതല്‍ വിദഗ്ധരെ നിയമിക്കാനും സര്‍ക്കാര്‍ ആലോചിക്കുകയാണ്. മന്ത്രിസഭയുടെ അംഗീകാരം ലഭിച്ചാല്‍ ഇതിനുവേണ്ട നടപടിക്രമങ്ങള്‍ തുടങ്ങും. തദ്ദേശ തിരഞ്ഞെടുപ്പ് കഴിഞ്ഞ ശേഷം, നവംബറോടെ സേര്‍ട്ട് -കേരള പൂര്‍ണതോതില്‍ പ്രവര്‍ത്തനം തുടങ്ങാനാണ് ഐ.ടി.വകുപ്പ് ലക്ഷ്യമിടുന്നത്. സര്‍ക്കാര്‍ ഏജന്‍സികളുടെ വെബ്‌സൈറ്റുകള്‍ക്ക് മാത്രം പരിരക്ഷ നല്‍കുക എന്നതില്‍ കവിഞ്ഞ് സംസ്ഥാനത്തെ മുഴുവന്‍ ഐ.ടി.സംരംഭകര്‍ക്കും വെബ്‌സൈറ്റുള്ള സ്ഥാപനങ്ങള്‍ക്കും തങ്ങളുടെ കമ്പ്യൂട്ടര്‍ ശൃംഖല സുരക്ഷിതമാക്കാന്‍ കഴിയുംവിധം ഉപദേശങ്ങളും സാങ്കേതിക സഹായവും നല്‍കുക എന്ന വിശാല ലക്ഷ്യം കൂടി സേര്‍ട്ട് കേരളയ്ക്കുണ്ട്.

ഇക്കാര്യങ്ങള്‍ വിശദമാക്കിക്കൊണ്ട് സേര്‍ട്ട്-കേരള സംസ്ഥാന ഐ.ടി.വകുപ്പിന് കത്തയച്ചിട്ടുണ്ട്. സംസ്ഥാന സര്‍ക്കാരിന്റെ ഇരുന്നൂറോളം വെബ്‌സൈറ്റുകളും നൂറോളം കമ്പ്യൂട്ടര്‍ അനുബന്ധ ഏജന്‍സികളും ആദ്യഘട്ടത്തില്‍ സേര്‍ട്ട് കേരളത്തിന്റെ പരിധിയില്‍ വരും. കേന്ദ്രസര്‍ക്കാരിന്റെ ഐ.ടി നിയമം അനുസരിച്ച് പ്രവര്‍ത്തിക്കുന്ന സ്വയംഭരണ സ്ഥാപനമായ സേര്‍ട്ട്-ഇന്ത്യയുടെ അനുബന്ധമായി പ്രവര്‍ത്തിക്കുന്നതിനാല്‍, വിദേശത്തുനിന്നുള്ള സൈബര്‍ ആക്രമണങ്ങള്‍ നേരിട്ട് അന്വേഷിക്കാന്‍ സംസ്ഥാന സര്‍ക്കാരിന് കഴിയും.

Safari Browser Hack Reveals AutoFill Security Concerns

2010-07-23T10:29:00.000-07:00

Safari Browser Hack Reveals AutoFill Security Concerns: "The security flaw revealed in the Safari Web browser is more serious than others, but also highlights the security and privacy concerns with the AutoFill feature in general.

Hackers were visionaries

2010-07-19T08:55:00.000-07:00

The term computer hacker first showed up in the mid-1960s. A hacker was a programmer -- someone who hacked out computer code. Hackers were visionaries who could see new ways to use computers, creating programs that no one else could conceive. They were the pioneers of the computer industry, building everything from small applications to operating systems. In this sense, people like Bill Gates, Steve Jobs and Steve Wozniak were all hackers -- they saw the potential of what computers could do and created ways to achieve that potential.

A unifying trait among these hackers was a strong sense of curiosity, sometimes bordering on obsession. These hackers prided themselves on not only their ability to create new programs, but also to learn how other programs and systems worked. When a program had a bug -- a section of bad code that prevented the program from working properly -- hackers would often create and distribute small sections of code called patches to fix the problem. Some managed to land a job that leveraged their skills, getting paid for what they'd happily do for free.

As computers evolved, computer engineers began to network individual machines together into a system. Soon, the term hacker had a new meaning -- a person using computers to explore a network to which he or she didn't belong. Usually hackers didn't have any malicious intent. They just wanted to know how computer networks worked and saw any barrier between them and that knowledge as a challenge.

In fact, that's still the case today. While there are plenty of stories about malicious hackers sabotaging computer systems, infiltrating networks and spreading computer viruses, most hackers are just curious -- they want to know all the intricacies of the computer world. Some use their knowledge to help corporations and governments construct better security measures. Others might use their skills for more unethical endeavors.

Is cyberwar coming?

2010-07-19T08:28:00.000-07:00

Not every battle takes place over rugged terrain, on the open sea or even in the air. These days, you'll find some of the fiercest fighting going on between computer networks. Rather than using bullets and bombs, the warriors in these confrontations use bits and bytes. But don't think that digital weaponry doesn't result in real world consequences. Nothing could be further from the truth.

Consider that all the different systems in the world are connected to the Internet :

Emergency services
Financial markets and bank systems
Power grids
Water and fuel pipelines
Weapons systems
Communication networks

That's just the beginning. Think about all the services and systems that we depend upon to keep society running smoothly are automated with computer programmes and runs on computer networks. Even if the network administrators segregate their computers from the rest of the Internet, they could be vulnerable to a cyber attack. So next generation battlefield should be the cyberspace and hence cyberwar is a serious concern.

New Virus Targets Industrial Secrets

2010-07-18T02:05:00.000-07:00

"Siemens is warning customers of a new virus that targets its SCADA industrial control systems.

Malicious 'Payment request from' email attack strikes inboxes

2010-07-14T10:16:00.000-07:00

E-mails purporting to contain a payment request from eBay are hitting inboxes around the world:

The message contains no text - just an attached .html file. If the file is downloaded and opened, an embedded malicious JavaScript runs and redirects the victim's web browser to a compromised webpage.

According to Sophos, two things happen after that:

1. The victim's browser is redirected again and opens up a spam-site (Canadian Pharmacy or similar)
2. Simultaneously, a malicious iFrame downloads all sorts of malware from other websites where it's hosted.

The redirection to the spam-site is just a trick to camouflage the real goal of this spam campaign: getting your computer infected. This attack is a combination of two techniques (1, 2)that have lately been prominently featured in the online criminals' repertoire.

"Perfect Citizen"

2010-07-10T07:22:00.001-07:00

"Perfect Citizen" is the code name for a new U.S government-sponsored program aimed at detecting cyber attacks targeting private and government agencies that run the critical U.S. national infrastructure.

Pirate Bay - The famous file-sharing website hacked

2010-07-09T06:01:00.000-07:00

Dogged by the music and movie industry, its founders are defending themselves and their creation in the court of law and the site is in danger of getting its domain seized by the US Government.

But this latest development could prove even more damaging to the site - and it's users. A group of Argentinian hackers (or, as they call themselves, security researchers) have discovered multiple SQL injection vulnerabilities that allowed them to access the site's administration panel and, through it, information regarding its members.

Free protection from malicious web pages

2010-07-07T05:19:00.000-07:00

Trend Micro Browser Guard 2010 is a free browser plug-in which proactively protects users against Internet threats by identifying malicious web pages and blocking the threat before it can infect the user's computer.

It can protect users from sophisticated Internet threats such as the Hydraq and Aurora Zero-day attacks. These type of attacks are comprised of malicious threats in various communication vectors—email, web, and file--and take advantage of zero-day, unknown, vulnerabilities in Internet Explorer.

Cybercriminals often secretly insert malicious JavaScript onto web pages in the hope that people using vulnerable versions of IE browsers visit these pages and inadvertently download the malware onto their computers.

Browser Guard protects users from such attacks by analyzing and subsequently blocking malicious JavaScript from exploiting vulnerabilities and performing malicious activities on the user's computer. Browser Guard communicates with the Trend Micro Smart Protection Network infrastructure, bringing users the latest Internet protection whenever they surf the web, even if they use other Trend Micro products.

Supported operating systems for Browser Guard include: Windows XP Home/Professional (with the latest service pack), Windows Vista (with the latest service pack), and Windows 7.

YouTube hack: No virus, just a XSS flaw - and it's already fixed

2010-07-06T11:29:00.000-07:00

This weekend seemed like the perfect time for hackers to take advantage of a cross-site scripting vulnerability in YouTube's comments to bombard the users with annoying pop-ups that often contained fake news of a deadly car crash that involved teen star Justin Bieber and links that would take them to adult-content sites. The hackers even managed to disable comments altogether.

The hackers managed to bypass the filter that sanitizes the HTML code employed in the comments, and insert their own scripts. The attack was extremely simple to execute - two script tags in a row allowed the hackers to insert Javascript in the comments.

Luckily for the users, YouTube reacted promptly. "Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours," said the Google spokesman, and din't offer any details about the fix. ars technica speculates that they have probably stripped the comments of the double script tags and adjusted the HTML filter.

In the two hours this was going on, rumors and warnings of viruses and infections waiting for YouTube users ran rampant on Twitter.

"If this exploit had been discovered by a professional moneymaking outfit, there could have been all sorts of subtle attacks taking place for a long time – not good, given the apparent simplicity of the attack," wrote Sunbelt's Christopher Boyd, who posted different examples of how the flaw was picked up and misused by scammers: redirects to porn sites that steal email addresses, malware warnings that tried to get the users to delete the System32 folder, and others.

Malicious PDF spam with Sality virus

2010-07-04T23:13:00.000-07:00

Malicious spammers will try every approach they can think of to make you open the attachments included in emails.

Sophos (a developer and vendor of security software and hardware) warns that a malicious email containing the following text has been dropped into inboxes around the world:

"Hey man..
Remember all those long distance phone calls we made.
Well I got my telephone bill and WOW.
Please help me and look at the bill see which calls where yours ok.."

You surely don't remember such an occurrence or the sender of the email, since this is just a ploy to make you open the PhoneCalls.pdf attachment, but don't let your innate curiosity get the better of you.

The attached file is crafted in such a way that it can exploit a vulnerability in how Adobe Reader handles TIFF images, and proceeds to download and execute a Trojan that loads the Sality virus into your system's memory. The virus then proceeds to append its encrypted code to executable files, deploys a rootkit and kills anti-virus applications.

Having an up-to-date version of Acrobat Reader and of an anti-virus solution installed can help detect this threat, but teaching yourself to detect suspicious emails such as this one is also a great idea.

Just remember that opening documents attached to unsolicited emails is like the online equivalent of Russian roulette - the odds are stacked heavily against you.

Google searches millions of web pages for phishing behavior

2010-07-01T10:42:00.000-07:00

Google analyzes millions of pages per day when searching for phishing behavior. This kind of activity is, of course, not done by people but by computers.

The computers are programmed to look for certain things that will identify the page as a phishing site. Those things are actually the same things that users should check when evaluating if a page is legitimate or not.

According to a post on Google's official online security blog, the first step is looking at the URL- Does it contain words like "login" or "banking" or trademarks of the phishing target? Does it use an IP address for its hostname? Does it have a large number of host components, making the address unusually long? If the answer is yes to all of these questions, the page could be a phishing one.

The second step consists of analyzing the page - Does it contain a password field? Does the majority of the links point to the phishing target so that the phishing pages functions as the legitimate one would? Google's computers check also the terms most often used on the page, and a telling terms like "password" raises a red flag.

The third step consists of a look-up of the hosting information - does the institution claim to be based in one country but the webpage is hosted on servers in another country and on a local ISP’s network? If the answer is yes, chances are high it's not a legal site.

Lastly, checking to see whether the page is popular and checking the spam reputation of the domain on which the page is hosted will give you another clue - phishing pages are usually hosted on domains that have a (bad) reputation when it comes to spam sending.

When all these clues are combined and indicate that the site is likely set up for phishing purposes, it is put on Google's blacklist that is used by the browsers to warn the users that they have landed on a malicious page.

"False positives" do happen, but they happen once every 10,000 checked pages, and even then it is usually a site set up for some other malicious purpose. The basis on which the classifier is trained to recognize phishing pages is provided by a sample of around ten million analyzed URLs in the last three months and an addition of current features, and it is executed once a day.

Phishers may use a number of techniques to try and bypass this system, but they can't escape forever. The more people come to their site, the likelihood of someone recognizing it for what it is and reporting it to Google rises, so it's just a matter of time before it gets flagged.

Defacement of indian websites

2010-07-01T10:12:00.000-07:00

Computer Emergency Response Team of India has identified defacement in 866 Indian websites during April 2010.

Cert-KERALA

2010-07-01T07:33:00.000-07:00

With the expansion of e-governance, the threat and vulnerability to cyber attack on IT assets has increased. Government of Kerala and its organizations has over 200 websites and nearly 100 different applications running. Most of these are not observing adequate security standards and are extremely vulnerable to threats. A cyber attack can lead to various important services inaccessible to citizens and the network and the websites may be corrupted by potential hackers.

As per the Crisis Management Plan for countering cyber attacks and cyber terrorism prepared by Government of India, States should draw up their own sectoral Crisis Management Plans and implement the same. Since there is lack of adequate expertise in Government/Government Agencies/Kerala IT Mission for handling/preparing such sectoral contingency plans and handling any crisis that may happen due to cyber attack/cyber terrorism, it emerged that there is need for setting up an ongoing permanent mechanism which would act as nodal agency for monitoring various cyber security related matters for Government of Kerala/Government Organisations.

Government of Kerala have therefore felt the need for setting up of Computer Emergency Response Team-Kerala (CERT-Kerala or CERT-K) in line with CERT-India(CERT-IN) to ensure cyber security in the state and announced setting up of the same vide G.O.(MS) No:15/2010/ITD dated 3^rd April 2010.

Contact

DirectorComputer Response Emergency Team (CERT-Kerala)Information Technology DepartmentTC 25/3436, VandanamUppalam RoadStatueThiruvananthapuram - 695 001
Phone - 0471 2571423Mob - 98460 21045

Cert-KERALA

2010-06-28T11:34:00.000-07:00

Cert-KERALA: "With the expansion of e-governance, the threat and vulnerability to cyber attack on IT assets has increased. Government of Kerala..."