DNS attacks on popular websites

September 4, 2011 – 5:03 PM

Keep in mind that today’s DNS hacks of popular websites such as acer.com, ups.com and theregister.co.uk were just that: a DNS hack. The actual sites themselves have not been compromised. For example, the NS record for UPS.com was altered to point to ns1.yumurtakabugu.com; the hijacked delegation looked like this:

ups.com.  85621  IN  NS  ns1.yumurtakabugu.com.

The attackers only changed the NS records for the website. This could have been much worse.
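As an added defensive check (not code from the original post or from either referenced source), the script below parses NS records in dig's output format and flags any nameserver that is not on an operator-maintained allowlist, which is how a changed delegation like the one above would show up in routine monitoring. The sample answer section and the allowlist are constructed; the ups.com nameservers in the allowlist are placeholders, not the real ones.

```python
import re

# One record in dig/zone-file form: "<owner> <ttl> IN NS <target>".
NS_RECORD = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+NS\s+(?P<target>\S+)$", re.I)

# Constructed sample in dig's answer-section format: the ups.com line is the
# hijacked delegation from the incident, the example.net lines are made up.
SAMPLE_DIG_OUTPUT = """
;; ANSWER SECTION:
ups.com.        85621   IN  NS  ns1.yumurtakabugu.com.
example.net.    3600    IN  NS  ns1.example-dns.net.
example.net.    3600    IN  NS  ns2.example-dns.net.
"""

# Constructed allowlist of the nameservers each zone should delegate to
# (the ups.com entries are placeholders, not the real UPS nameservers).
EXPECTED_NS = {
    "ups.com": ["ns1.ups-dns.example", "ns2.ups-dns.example"],
    "example.net": ["ns1.example-dns.net", "ns2.example-dns.net"],
}

def parse_ns_records(lines):
    """Return {zone: [(nameserver, ttl), ...]} for every NS record line."""
    found = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's ";;" comment lines
        m = NS_RECORD.match(line)
        if m:  # names are case-insensitive; drop the trailing root dot
            zone = m.group("name").rstrip(".").lower()
            target = m.group("target").rstrip(".").lower()
            found.setdefault(zone, []).append((target, int(m.group("ttl"))))
    return found

def check_delegation(lines, expected):
    """Compare each zone's observed NS set against its allowlist."""
    observed = parse_ns_records(lines)
    report = {}
    for zone, allowed in expected.items():
        allowed_set = {ns.rstrip(".").lower() for ns in allowed}
        seen = {ns for ns, _ in observed.get(zone, [])}
        report[zone] = {"unexpected": sorted(seen - allowed_set),
                        "missing": sorted(allowed_set - seen),
                        "ok": seen == allowed_set}
    return report

if __name__ == "__main__":
    for zone, result in check_delegation(SAMPLE_DIG_OUTPUT.splitlines(), EXPECTED_NS).items():
        print(zone, "OK" if result["ok"] else "DELEGATION CHANGED: " + str(result))
```

In practice you would feed it the answer section of a query against the parent zone's servers, since that is the delegation a registrar-level change rewrites.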

References:
http://isc.sans.edu/diary.html?storyid=11503&rss
http://nakedsecurity.sophos.com/2011/09/04/dns-hack-hits-popular-websites-telegraph-register-ups-etc/

Mathilde Decagny

August 25, 2011 – 9:53 PM

We really do underestimate the dog trainer from the show Frasier. Thank you Mathilde Decagny!

(way off topic. sorry)

Zeus bank Trojan now fused with Ramnit worm

August 25, 2011 – 8:32 PM

Researchers have uncovered evidence that the infamous Zeus login-stealing Trojan has been blended with the Ramnit worm to create hybrid malware that can attack online bank accounts while spreading across networks.

Security company Trusteer said it recently discovered a mutant version of Ramnit that appeared to be using a man-in-the-browser (MitB) web injection module to trick bank customers into handing over their login details, a technique straight out of the Zeus (aka ‘SpyEye’) design book.

The company has not yet established that the malware’s source code was definitely from Zeus, but is confident that there is now enough circumstantial evidence to suggest that it was. The Zeus source code is believed to have become widely available in criminal circles in May after a leak of unconfirmed origin, so security watchers have been on the lookout for new malware incorporating some of its most powerful and often very specific features. Trusteer is convinced that the Ramnit variant is the first recorded example of that.

Source:
http://www.macworld.co.uk/digitallifestyle/news/index.cfm?newsid=3299152&olo=rss

Security Essentials now detects the new “killapache.pl” script

August 25, 2011 – 5:47 AM

MS Security Essentials is already detecting the killapache perl script that’s floating around the Full Disclosure mailing list. This is one more reason that I love this AV program and strongly recommend it for all Windows users.

Google+ Gets a “+1” for Browser Security

August 21, 2011 – 11:33 AM

Launching a new Web app today comes with a few certainties, and one of them is “I will be a target for hackers.” So when an app as large and as high-profile as Google+ launches, it will surely be one of the top targets for malicious activity. This happened to Facebook as it grew more popular, and it is still a favorite platform for malicious activity. I did some analysis of the HTTP traffic between Google+ and the browser and found that Google is off to a good start with regard to browser security.

Source:
http://www.barracudalabs.com/wordpress/index.php/2011/07/21/google-gets-a-1-for-browser-security-3/