Data breaches dominated headlines this week, but there was
also some good news from the botnet front to finish out the month of March.
The week began with a gloating
email from the person claiming to have been behind the attack on Comodo
partners that resulted in nine fraudulent SSL certificates being issued. While
Iranian, the hacker denied any ties with the Iranian government, undercutting
Comodo CEO Melih Abdulhayoglu’s assertion that it had been a government-led
attack. The hacker gave more details in a follow-up
note in response to critics who claimed he was a hoax.
There were a number of data breaches, as oil
giant BP admitted to losing a laptop with claims information from people
affected by last year’s massive oil spill and credit card numbers were stolen
from the engineering society IEEE’s database. Organizations remain concerned
about RSA’s SecurID breach. NASA
didn’t help matters with the latest audit report from the Office of Inspector
General about the space agency’s numerous network vulnerabilities, raising the
specter of a massive data breach that may compromise missions. McAfee also published a report pointing out
that corporate espionage is easier and more lucrative, and companies are
under-reporting data breaches.
Oracle’s Sun.com and MySQL.com were hit by simultaneous blind
SQL injection attacks by the same team of hackers, but it wasn’t clear if the
attackers exploited the same flaw in both sites. A number of
cross-site-scripting vulnerabilities were exposed on these two sites and, more
embarrassingly, on McAfee’s, as its Web site is full of the exact flaws it
claims to help its customers detect and close.
A mass-injection attack dubbed LizaMoon is spreading over
the Web, affecting hundreds of thousands of sites and millions of URLs. While
it’s still a little unclear how the attackers are injecting the compromising
piece of code into the pages, users should make sure they have the most
up-to-date definitions for their antivirus software, and not click on anything
that purports to find malware and asks for money to clean it up. The antivirus
vendors have been slow on the uptake, but a little over half of the major
antivirus products tracked by VirusTotal now appear to be detecting the rogue
scareware used by LizaMoon.
Following the attack on the European Commission, there was
another attack on the European Parliament. There were no reports of anything
being stolen, yet.
It turns out that phishing declined in 2010, according to
our friends at IBM X-Force, and the Microsoft-led raid on Rustock in early
March seemed to have had an unexpected side benefit: the Harnig malware botnet
is no longer online.
On the malware front, an Android Trojan tries to scare users
into not downloading pirated Android apps by stealing personal information and
sending out humiliating SMS messages to everyone on the contacts list. Everyone
thought Samsung was installing keyloggers by default, but it turns out to be a
false positive by an antivirus. Samsung still hasn’t replied to eWEEK’s
requests for comment as to why the support supervisor admitted to the security
researcher that Samsung put the software there, though.