Mac Malware, DoS Tools, Cyber-War Lead Week's Security News
Mac malware dominated the news this week, as security researchers uncovered a new Trojan capable of hijacking Mac OS X systems and launching denial-of-service attacks on another server, downloading additional malware on the infected system and providing attackers with remote access on to the computer. The Tsunami Trojan was a version of an older backdoor Trojan for the Linux operating system. While Windows Trojans have been re-packaged for the Mac before, Tsunami is likely the first to come over from the Linux world. The malware has already been mutating, with hackers adding new capabilities. There are versions attacking both 64-bit and 32-bit Intel x86 and PowerPC Mac computers.
A new denial of service attack tool targeting SSL servers was released this week. The THC-SSL-DOS tool exploits known issues with how SSL connections work to make it possible to launch denial-of-service attacks against a server over a plain residential DSL connection and a laptop.
As a general rule, for a denial of service attack to be effective, attackers either needed a lot of bandwidth, typically more than would be available on a DSL line, or a lot of computers to make up for the narrow network pipe. Since the THS-SSL-DOS tool attempts to establish a large number of SSL connections with the target server, it winds up eventually consuming all the system resources and making it unavailable, according to the developers, a German hacking outfit called The Hackers Choice (THC).
Brian Krebs, a security writer and principal analyst for Krebs on Security, said the type of malware used to attack RSA Security earlier in the year may have also hit more than 700 other organizations. These organizations weren't attacked with technology stolen from RSA Security, but rather faced malware attacks using similar command-and-control infrastructure used by the malicious Excel spreadsheet that penetrated RSA's systems.
Affected organizations included technology and non-technology companies. Even though internet service providers were included in the list posted on Krebs on Security, it was more likely that one of the subscribers had been hit and not the provider's networks, according to Krebs.
Mitsubishi Heavy Industries has acknowledged there was a possibility that when cyber-attackers had infected more than 80 computers and servers, breached its networks, and copied data from one server to another, that some of that data may have left the company. Japan's largest defense contractor remained mum about what may have been leaked.
The Japanese government had other cyber-worries to deal with, as reports emerged of systems belonging to members of Parliament and dozens of Japanese embassies abroad being infected with unknown malware over the summer. Security experts warn that cyber-attackers can target United States critical infrastructure and cause a lot of damage. Department of Homeland Security Janet Napolitano said attackers were already attacking critical financial systems, transportation and other sensitive areas at an event in Washington, D.C. this week. It was important that Congressional lawmakers pass cyber-security legislation, she said.
Napolitano's speech came a few days after BusinessWeek revealed the contents of a draft report by a Congressional commission which claimed that malicious perpetrators had interfered with two United States satellites four times over the past few years. While the U.S. China Economic and Security Review Commission report fell just short of directly accusing the Chinese government for backing the attackers, the commission said the tactics were consistent with strategies outlined in published Chinese military writings.