Data Breaches, LizaMoon Topped Last Week's Security News

 
 
By Fahmida Y. Rashid  |  Posted 2011-04-04
 
 
 

Data breaches dominated headlines this week, but there were also some good news from the botnet front to finish out the month of March.

The week began with a gloating email from the person claiming to have been behind the attack on Comodo partners that resulted in nine fraudulent SSL certificates being issued. While Iranian, the hacker denied any ties with the Iranian government, stripping Comodo CEO Melih Abdulhayohlu's assertion that it had been a government-led attack. The hacker gave more details in a follow-up note in response to critics who claimed he was a hoax.

There were a number of data breaches, as oil giant BP admitted to losing a laptop with claims information from people affected by last year's massive oil spill and credit card numbers were stolen from the engineering society IEEE's database. Organizations remain concerned about RSA's SecurID breach. NASA didn't help matters with the latest audit report from the Office Inspector General about the space agency's numerous network vulnerabilities, raising the specter of a massive data breach that may compromise missions.  McAfee also published a report pointing out that corporate espionage is easier and more lucrative, and companies are under-reporting data breaches.

Oracle's Sun.com and MySQL.com were hit by simultaneous blind SQL injection attacks by the same team of hackers, but it wasn't clear if the attackers exploited the same flaw in both sites. A number of cross-site-scripting vulnerabilities are exposed for these two sites, and more embarrassingly, for McAfee as its Web site is full of the exact flaws it claims to help its customers detect and close.

A mass-injection attack dubbed Lizamoon is spreading over the Web, affecting hundreds of thousands of sites and millions of URLs. While it's still a little unclear how the attackers are injecting the compromising piece of code into the pages, users should make sure they have the most up-to-date definitions for their antivirus software, and not click on anything that purports to find malware and asks for money to clean them. The antivirus vendors have been slow on the uptake, but a little over half of the major antivirus software tracked by VirusTotal now appears to be detecting the rogue scareware used by LizaMoon.

Following the attack on the European Commission, there was another attack on the European Parliament. There were no reports of anything being stolen, yet.

It turns out that phishing declined in 2010, according to our friends at IBM X-Force, and the Microsoft-led raid on Rustock in early March seemed to have had an unexpected side benefit: the Harnig malware botnet is no longer online.

On the malware front, an Android Trojan tries to scare users into not downloading pirated Android apps by stealing personal information and sending out humiliating SMS messages to everyone on the contacts list. Everyone thought Samsung was installing keyloggers by default, but it turns out to be a false positive by an antivirus. Samsung still hasn't replied to eWEEK's requests for comment as to why the support supervisor admitted to the security researcher that Samsung put the software there, though.

Rocket Fuel