null bangalore meet feb 2010 - news bytes
Operation AURORA
Damballa released a 31-page report titled "The Command Structure of the Aurora Botnet: History, Patterns and Findings"
It is a 'garden variety' command-and-control botnet
First noticed by Google in December 2009; made public on January 12, 2010
The primary malware, Hydraq, is a later stage in a series of malware consisting of at least three different families
They were deployed using fake antivirus infection messages, tricking the victim into installing the malicious botnet agents
"Trojan.Hydraq would have been just another piece of dumb malicious software if it did not have the ability to connect to a CnC server and receive new instructions"
The Damballa research paper can be downloaded at: http://www.damballa.com/research/aurora.
The attacker entices the victim to press F1 while on the attacker's website
A message box is displayed that does not go away until F1 is pressed
Affects older Windows versions like XP or 2000
Help !
Workaround
cacls "%windir%\winhlp32.exe" /E /P everyone:N
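The cacls workaround above as a small script, added here as an example and not part of the original slides: it backs up the current ACL, applies the deny entry, verifies it took effect, and prints the matching revert command for use once the patch is installed. It assumes an Administrator command prompt on Windows XP or 2000; the backup file name is a constructed placeholder.

```batch
@echo off
REM Added example (not from the slides): apply and verify the winhlp32.exe workaround.
REM Assumes an elevated cmd prompt on Windows XP / 2000 where cacls is available.
set TARGET=%windir%\winhlp32.exe

if not exist "%TARGET%" (
    echo %TARGET% not found; nothing to do.
    exit /b 1
)

REM Keep a copy of the ACL before changing it (constructed file name).
cacls "%TARGET%" > "%TEMP%\winhlp32-acl-before.txt"

REM Deny all access to Everyone, editing the ACL in place (/E) rather than replacing it.
cacls "%TARGET%" /E /P everyone:N
if errorlevel 1 (
    echo Failed to apply the deny entry.
    exit /b 1
)

REM Verify: the listing should now contain an "Everyone:N" entry.
cacls "%TARGET%" | findstr /I "Everyone:N" >nul
if errorlevel 1 (
    echo Deny entry not present; inspect: cacls "%TARGET%"
    exit /b 1
)

echo Workaround applied: Everyone denied access to %TARGET%.
echo To revert after patching: cacls "%TARGET%" /E /R everyone
```

Denying Everyone blocks legitimate use of the legacy Help viewer as well, so the revert step matters once the fix ships.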
Warning about an unpatched flaw in IE 6 and 7
Invalid pointer reference bug
IE Zero Day
IE 6 Service Pack 1 on Windows 2000 Service Pack 4, and IE 7, contain this bug
The attacker entices the user to click on a link in an email or a Messenger message
The user visits a website carrying malicious code
Microsoft Patches up
Microsoft issued patches that fix vulnerabilities in Windows and Office
MS10-016 addresses a flaw in Movie Maker that allowed remote command execution
MS10-017 addresses vulnerabilities in Excel
Adobe released a fix that updates Reader from 9.3 to 9.3.1
The flaw allowed subverting the domain sandbox and making cross-domain calls
It allowed an attacker to crash the program and execute commands
Adobe fix
Zeus Trojan
Zeus collected extensive data from individuals on commercial and government systems:
around 68,000 corporate login credentials, 2,000 SSL certificate files, and usernames and passwords for online banking sites and social networks.
Zeus is capable of stealing data from the protected store of a PC
Criminals exploited vulnerabilities in Adobe Flash and holes in Adobe Reader.
Malicious PDFs were used
“This you ???”
“somebody wrote something about you in this blog here”
You receive a URL; clicking on it asks you to log in to a third-party site
Twitter Phishing
Firefox Add-Ons
Master Filer and Sothink Web Video Downloader version 4
They were able to sneak through Mozilla's malware scanner
Suggestion: upload all add-on submissions to the free VirusTotal.com, which uses about 40 different engines to scan each submission.
ClamAV
Cloud Security Alliance names top 7 threats to Cloud
Similar to OWASP Top 10
Abuse and Nefarious Use of Cloud Computing
Insecure Interfaces and APIs
Malicious Insiders
http://www.cloudsecurityalliance.org/topthreats.html
Cloud Security
Windows 7 has a 'SoftAP' feature that allows a PC to function as a Wi-Fi client and an access point simultaneously
This can mask the entry of unauthorized users onto the corporate network.
It also can allow parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.
Windows 7
School used student laptop webcams to spy on them at school and home
The issue came to light when the Robbins family's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence.
Spy Kids
Twitter users celebrate 10 billion tweets
Virgin rolling out 100Mbps broadband this year
Now almost 200 million registered domains
Google hammered for Buzz privacy issues
Thank You