April 14th, 2008
Cyveillance’s President and CEO, Panos Anastassiadis, was targeted by a new approach to an old scam, spear phishing. Earlier this morning, the following email was sent to Mr. Anastassiadis:

Like many other spear phishing attacks, the phisher performed research before launching his or her attack. Specifically, the individual was able to locate and use our CEO’s email address and the Cyveillance phone number in the email. This information was used to enable and build additional credibility for the attack.
The email instructed Mr. Anastassiadis to appear in the US Courthouse on May 7, 2008 and provided a link to download the subpoena for specific information. Clicking on the link takes you to the following page:

As you can see, the Web page claims that the case has been closed and no further action is required from the visitor. However, clicking on the link will not only load this page, but will also download onto the computer a Trojan-Downloader that would not be detected by the majority of Anti-Virus companies. Specific information about the malware used in the attack can be found at: http://www.virustotal.com/analisis/13bfb6913f9c328c7b657fce4ba4c731.
The size of this attack is not yet known, but security managers should ensure that personnel, especially executives, are aware of this latest phishing attack vector.
Posted in Phishing | 1 Comment »
April 11th, 2008
Beginning May 5, 2008, Google will no longer protect brand holders against competitors bidding on their trademarked terms in pay-per-click advertising. Previously, Google Adwords policy allowed trademark holders to eliminate the unauthorized use of their trademarks as bid terms by competitors. Brand Republic has the story here.
At best, the policy change will increase bid prices requiring advertisers to pay more for ads triggered by their own marks. At worst, the policy may result in more widespread customer diversion as well as increase fraud-related activity that uses pay-per-click as the attack vector.
Posted in Brand Protection | 2 Comments »
April 10th, 2008
It’s hardly newsworthy that security experts at the RSA Conference this week pointed to malware as the biggest threat facing the Internet today. However, a more thought-provoking, if somewhat controversial, idea about malware was put out there by a noted security expert who offered that “the most effective approach to tackling botnets would be to impose penalties on people who allow their computers to become infected, making users take more responsibility.” Read the story here.
While it’s critical that we explore new solutions, the idea of holding consumers responsible for becoming infected with malware is hard to imagine. For starters, given that between 20 and 40 percent of malware is not detected by endpoint security software, is it reasonable to expect everyday Internet users to protect themselves from a continual barrage of malware-based attacks? Our best and brightest security experts have been unable to address the malware threat. Will a largely nontechnical Internet audience significantly reduce malware problems because of the threat of penalties?
Clearly, consumers have a responsibility to take reasonable precautions in order to protect themselves from online attacks. But it’ll take new approaches by businesses, security providers and government to really make a dent in the problem. Consumers are the weak link in the security chain. Social engineering combined with increasingly sophisticated technical attacks is too much for the average Internet user to overcome. A big part of the malware solution has to be hardening the consumer against human-based vulnerabilities. Otherwise, we’ll create an Internet that is not practical for use by the average Joe.
Posted in Malware | No Comments »
April 2nd, 2008
Yesterday’s revelation that certain Google search results contain tainted URLs that simultaneously take consumers to their intended site, as well as redirect them to a second site for the purpose of installing malware, shows the bad guys continue to get creative. Read about it here in USA Today. Cross-site scripting, phishing and web-delivered malware are not new threats, but putting these elements together with proven search engine optimization techniques makes for a pretty lethal combination.
Hopefully, Google will take steps to protect its customers from these attacks. Web site operators can do their part, too. You can help protect your Web site from cross-site scripting attacks by ensuring that your application performs validation of all headers, cookies, query strings, form fields and hidden fields.
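One way to apply that advice, as an added example that is not part of the original post: an allowlist validator run over each input source the post lists. The field names, patterns and sample requests are constructed assumptions for a hypothetical ticket-search application whose framework has already parsed the request into these five groups.

```javascript
// Added example: allowlist validation over every input source the post lists.
// Field names and patterns are assumptions for a hypothetical ticket-search app.
const RULES = {
  // strict: false -> browsers send extra headers/cookies the app never reads
  headers: { strict: false, fields: { referer: /^https?:\/\/[\w.-]+(\/[\w.\/%?=&-]*)?$/ } },
  cookies: { strict: false, fields: { session: /^[a-f0-9]{32}$/ } },
  query:   { strict: true,  fields: { q: /^[\w -]{1,64}$/, page: /^\d{1,4}$/ } },
  form:    { strict: true,  fields: { email: /^[\w.+-]+@[\w-]+(\.[\w-]+)+$/ } },
  hidden:  { strict: true,  fields: { csrf: /^[\w-]{22,64}$/ } },
};

// Returns a list of violations; an empty list means the request may proceed.
function validateRequest(req) {
  const violations = [];
  for (const [source, { strict, fields }] of Object.entries(RULES)) {
    for (const [name, value] of Object.entries(req[source] || {})) {
      // hasOwnProperty stops names such as "constructor" resolving to inherited members
      if (!Object.prototype.hasOwnProperty.call(fields, name)) {
        if (strict) violations.push(`${source}.${name}: unexpected field`);
        continue;
      }
      // Repeated parameters often parse to arrays; accept plain strings only
      if (typeof value !== "string" || !fields[name].test(value)) {
        violations.push(`${source}.${name}: rejected`);
      }
    }
  }
  return violations;
}

// Constructed sample requests, already parsed into the five input groups.
const cleanRequest = {
  headers: { referer: "https://www.example.com/search?q=tickets", "user-agent": "ExampleBrowser/1.0" },
  cookies: { session: "0123456789abcdef0123456789abcdef" },
  query:   { q: "soccer tickets", page: "2" },
  form:    { email: "fan@example.com" },
  hidden:  { csrf: "A1b2C3d4E5f6G7h8I9j0K1" },
};
const taintedRequest = {
  ...cleanRequest,
  headers: { referer: 'https://www.example.com/"><script>x</script>' },
  query:   { q: "tickets<iframe src=//other.example>", debug: "1" },
  hidden:  { csrf: "<b>" },
};

console.log(validateRequest(cleanRequest));   // no violations
console.log(validateRequest(taintedRequest)); // one entry per bad input
```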
Posted in Malware | No Comments »
April 1st, 2008
Today’s front page article in USA Today points out the growing importance that intelligence gleaned from the open source Internet plays in national security. Excerpts:
The explosion of information available via the Internet and other public sources has pushed the collection and analysis of that material to the top of the official priority list in the spy world, intelligence officials say.
Open sources can provide up to 90% of the information needed to meet most U.S. intelligence needs, Deputy Director of National Intelligence Thomas Fingar said in a recent speech.
Posted in General Cyber Intel | No Comments »
April 1st, 2008
It appears that the recently retired Oldsmobile brand will soon return as a Japanese car. Even more surprising, Toyota was able to obtain the rights to the Olds brand because GM failed to process the appropriate paperwork to re-register the brand name. Read about it here.
There can’t be an easy way to tell your boss that you just lost a 100+ year old brand to a procedural error. On the positive side, Oldsmobile may now see their reliability ratings soar.
Posted in Brand Protection | No Comments »
March 31st, 2008
eWeek updates the Hannaford data breach story, explaining that malware was found to be present on the Web servers located in every grocery store owned by the chain. While the source of the malware remains unknown, the data breach exemplifies the damage that purpose-built malware can inflict on its target.
Posted in General Cyber Intel | No Comments »
March 27th, 2008
The online ticket site EuroTicketShop.com was identified as distributing malware to visitors when they attempted to buy tickets for the upcoming soccer tournament. According to a security alert from Sophos, as reported in ComputerWorld, hackers were able to inject malicious code into the site which is downloaded to the computers of fans visiting the legitimate ticket site. The article points out that Google pay-per-click advertisements were being used to attract visitors to the hacked site as well.
Posted in Malware | No Comments »
March 25th, 2008
Search Engine Roundtable reports a new round of phishing attacks that target the credit and debit card numbers of Google AdWords customers. This more classic form of phishing, in that a Web form is served up to collect financial information, is different than the AdWords malware fraud reported earlier this month. Don’t be surprised if future variants of these phishing attacks target login credentials so the phishers can take control of the accounts and serve up fraudulent advertisements to lure consumers to bogus Web sites.
Posted in Phishing | No Comments »
March 21st, 2008
Juicy Campus, the site created so that college kids can anonymously dish about, and in some cases slander, their fellow students, is rekindling debates about Internet anonymity. For students who find themselves victimized by malicious comments, the nature of Juicy Campus leaves them little recourse for having the postings removed and identifying the responsible parties for potential libel claims.
Posted in General Cyber Intel | No Comments »