Firesheep, Botnets, Adobe Lead Security News
WiFi hacking, botnets and zero-days led the news this past week in security.
The release of the Firesheep extension for Firefox put the spotlight on protecting Internet users. The tool, which was released at the ToorCon 12 conference, allows attackers to hijack the sessions of social network users on open wireless networks. Firesheep set off a bit of a firestorm, and prompted another developer to release a tool known as Idiocy that targets sessions on Twitter and sends a warning to victims that their session has been compromised.
Firesheep's appearance also prompted IBM to discuss its concept of "Secure Open Wireless."
While attackers may have gotten some new toys in the past week, they were also put on the defensive when Dutch authorities led a takedown of a botnet of PCs infected with the Bredolab Trojan. Bredolab is a Trojan downloader used to install other malware on the machines it infects. But the effect of the takedown, which culminated in an arrest, did not last long.
"The key point here is that although a large botnet was taken down by the Dutch National Crime Squad on Monday, in only a matter of days Bredolab is back on our radars as a different strain or variant," said Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services. "This demonstrates both the increasing strength and robustness of botnets, in addition to highlighting the scale of the challenge faced by our industry, and the global law enforcement community."
Bredolab, Wood noted, is a breed of pay-per-install malware, and attackers can buy Bredolab-infected bots in bulk and install their chosen malware. In another article, eWEEK found that the bot-for-sale business is going strong, with botnets being rented for distributed denial-of-service attacks for as little as $50 a day.
Compromising computers, of course, typically relies on vulnerabilities. Adobe Systems patched several vulnerabilities in Shockwave Player, but was also forced to issue an advisory on a new zero-day in Adobe Flash Player. Adobe also reported that one of the Shockwave bugs, CVE-2010-3653, is being exploited in the wild.
"This vulnerability (CVE-2010-3654) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned. "There are reports that this vulnerability is being actively exploited in the wild against Adobe Reader and Acrobat 9.x. Adobe is not currently aware of attacks targeting Adobe Flash Player."