Sunday, Jun 24, 2012

Threat Down - 6/24/2012

Welcome to the Threat Down for the week ending on June 24, 2012. Here is a recap of noteworthy news items from throughout the week.

Top Security News

United States Accused of Using Flame to try to Cripple Iran's Economy

With news on Flame finally wrapping up, dailytech.com puts together a nice article summing up current data on the event. While cyber espionage is nothing new, Flame has brought it to the attention of the masses, reiterating what most learned from Stuxnet.

Printer bomb malware wastes reams of paper, sparks pandemonium

What’s worse than losing 1,000s of SSNs or intellectual property? Malware has infected hundreds of networks, causing printers to empty their print trays with mass quantities of binary handouts. While some of you may mock the seriousness of this situation, you wouldn’t if you knew how much print cartridges cost. Jokes aside, it is not apparent at this point whether this was the goal of the malware or a side effect (maybe a distraction).

US-CERT discloses security flaw in Intel chips

A flaw in the way Intel CPUs handle the SYSRET instruction for error handling can allow attackers to launch malicious code with kernel privileges. The really interesting part here is how this could allow guest-to-host escape in virtual environments. VMware is not affected, though.

BYOD exposes the perils of cloud storage

IBM, an advocate for BYOD, blocks access to cloud storage services such as Dropbox after finding users were placing intellectual property in “the cloud.” While BYOD was the catalyst for finding cloud storage woes at IBM, I wish this had instead focused on why cloud storage is bad for an enterprise. It would be a shame if malware leveraged cloud storage for data exfiltration …

Google warns about 'state-sponsored' hack attacks

Upon logon, Google will inform certain users that they may be the target of a state-sponsored attack. Google has not yet let on how they are determining this, but in my opinion, their proactive stance on security as of late has been nothing but good.

Attack code published for 'critical' IE flaw; Patch your browser now

I know that some of you are still wary of Windows Update after all the Flame talk these last few weeks, but it is time to ensure it’s on and serving up the latest set of patches. Attack code has been published and made easily accessible via Metasploit.

Virtual analysis misses a third of malware

I hate when articles make claims such as the one in this title without referencing any actual study or metrics. That said, I think this brings to light something that some of us in the malware analysis field need to understand and preach to customers and leadership. Malware can, and some does, detect when it is in a virtual environment, a common sandbox, or even a common honeypot. Virtual malware analysis and automated malware analysis are not going to find everything.

 

Honorable Mentions

The Failure of Anti-Virus Companies to Catch Military Malware

Data breach? Virtual bounty hunters will hunt it down

Ransomware Can Strike Anywhere

Google detects 9,500 new malicious websites daily

Hackers publish payday loan emails after failing to levy 'idiot tax'

Forget AV. Locking up cyber-crimes more effective

Google Apps admins can now enforce use of two-step log-in process 

Nigerian email scam is used to find only the most gullible targets

Louisiana Sex Offenders Must Make Their Crimes Visible on Social Networks

Analysis of drive-by attack sample set

Experts show how 'Flame' malware fakes Windows 

Privilege comes with peril in world of cybersecurity
