The past week's most prominent IT security news included the massive spam attack against Facebook, outrage over a new federal anti-piracy bill and an attack on critical infrastructure in the United States.
The Web exploded in outrage as the House Judiciary Committee conducted hearings on Nov. 16 to discuss the Stop Online Piracy Act
. Consumer advocacy groups, industry organizations and technology giants slammed Congress for stacking the witness panel
with five advocates for the bill and only one against the bill.
None of the speakers supporting the bill had any security expertise,
leaving them unable to respond to charges that the filtering provisions
in SOPA would cause problems for the DNSSEC
security technology that is increasingly being adopted to prevent abuses of the Domain Name Service system.
In a different hearing a day earlier, the Department of Justice
asked the House Judiciary Committee's Subcommittee on Crime, Terrorism
and Homeland Security to expand the Computer Fraud and Abuse Act to
make it a crime to violate terms of service on Websites. The amendment
would make it a federal crime for users to use pseudonyms
Earlier in the week, Facebook users logged in and were appalled to
find their newsfeeds were full of explicit content and violent images.
It turned out that a massive spam attack
had taken advantage of an injection flaw in Web browsers. Users were
tricked into copying and pasting malicious code into the URL bar of the
Web browser and executing the code, which hijacked the newsfeed to
spread violent and explicit images.
Facebook declined to identify which Web browser had the flaw but
said the problem was under control. The social networking giant also
said the perpetrators had been identified and it was pursuing legal
action against them.
The technique used in the spam attack was "not new," according to
Mike Geide, senior security researcher at Zscaler ThreatLabZ. There
injection method," he said.
"Be careful of all actions you take while online, even copying and pasting content into your URL bar," Geide warned.
Security researchers disclosed that they found that some versions of the DNSchanger malware
had been distributed by the sophisticated TDSS rootkit. The DNSchanger
malware was usually part of a "cocktail" of other malicious
applications running on infected machines, according to Kaspersky Lab
Kaspersky Lab also uncovered more details about the Duqu Trojan
reporting that a research team had identified all the individual
components of the malware and managed to track down the initial email
message that launched an attack against an unnamed company in Sudan.
Kaspersky researchers were also "convinced" that despite other security
researchers' claims to the contrary, whoever wrote the malware was
involved in some way in the development of Stuxnet worm.
The ongoing research into Duqu, and the fact that it may be
targeting companies that make industrial control systems in order to
steal information, was underscored by reports that attackers had
compromised a vendor that makes supervisory control and data
acquisition (SCADA) software and stole customer credentials.
At least one set of credentials were allegedly used early in
November to remotely break into a public water utility's networks in
Illinois and damage a water pump
A Norwegian government agency also reported there were attacks this
year against at least 10 oil, energy and defense companies in which
sensitive information was stolen and transferred out of the country.
The ongoing investigation of last year's Directors Desk breach at Nasdaq
stock exchange has uncovered lax security practices, such as outdated
software and improperly patched systems. The issues were a surprise
considering the sensitivity of financial systems, Reuters said.