Wednesday, July 30, 2008

Cyber Cafes Under Attack!!!! Oh No!!!

July 2008

Internet cafés under attack. A new piece of malware has been spotted in China that could put internet cafés at risk from hackers and other online criminals. Researchers at McAfee drew attention to the problem recently after spotting MachineDog circulating in China. Internet cafés are very popular in China as many people cannot afford a home PC, but slack security policies mean that they are vulnerable to attack. “One special characteristic of this malware is that it’s designed to penetrate the hard disk. This means it can infect most machines in internet bars and cafes, in some cases without too much resistance,” said a McAfee researcher. The problem is that many internet cafés do not use conventional security software, but use back-up solutions instead. If a PC picks up an infection, it is simply restored to its pre-infection state. But the MachineDog rootkit is much more difficult to get rid of, said McAfee. “The attack is so dangerous that once it successfully loads its driver into the kernel, most hard-disk protection software will be nothing but an empty shuck, with the administrator still having no idea.”

Trojan Hits Media Files...

July 2008
Trojan attacks multimedia files stored on hard drives. A particularly aggressive Trojan is on the loose that infects multimedia files stored on a user’s hard drive. “We’ve not seen such a sophisticated Trojan infecting multimedia files before,” said the lead for the anti-malware team at Secure Computing, which has been studying the Trojan. “We’ve been seeing infected multimedia files for about a month now and [had been] wondering where they came from.” Like many malware infections, it starts with a visit to a suspicious website, where the user downloads what he thinks is a serial key for a copy-protected software package, for example, but instead gets the Trojan that automatically infests all of his multimedia files. When he shares one of those music or video files with another user via a peer-to-peer network, the recipient in turn gets infected by a fake codec. The Trojan basically relies on legitimate multimedia functions, meaning there are no vulnerabilities you can patch. It preys on the Advanced Systems Format (ASF) file feature in MP3 and Windows Media Audio (WMA) music files, as well as Windows Media Video (WMV) files, for instance. ASF lets you embed script commands in these files.

Lost Laptops

July 2008

Study: Astounding number of laptops lost in airports. Some of the largest and medium-sized U.S. airports report close to 637,000 laptops lost each year, according to the Ponemon Institute survey released Monday. Laptops are most commonly lost at security checkpoints, according to the survey. Close to 10,278 laptops are reported lost every week at 36 of the largest U.S. airports, and 65 percent of those laptops are not reclaimed, the survey said. Around 2,000 laptops are recorded lost at the medium-sized airports, and 69 percent are not reclaimed. Travelers seem to lack confidence that they will recover lost laptops. About 77 percent of people surveyed said they had no hope of recovering a lost laptop at the airport, with 16 percent saying they would not do anything if they lost their laptop during business travel. About 53 percent said that laptops contain confidential company information, with 65 percent taking no steps to protect the information. Airports, along with hotels and parked cars, are places where laptops can be easily stolen, said the U.S. Federal Trade Commission (FTC) on its Web site. The confusion of going through security checkpoints can make it easy for travelers to lose track of their laptops, making it “fertile ground for theft,” the FTC said. The FTC recommends people treat laptops “like cash.” Like a wad of money, a laptop in public view – like the backseat of the car or at the airport – could attract unwanted attention. The FTC also recommends using tracking devices which can help track down a stolen laptop by reporting its location once it is connected to the Internet.

Monday, July 07, 2008

Problems with Webcams 4 Mac

July 2008

Drivers for USB or UVC (USB video class) webcams other than iSight for Mac.
Please use the following link to download drivers.

Apple patches Leopard

July 2008

Apple’s fourth Leopard spits out 25 patches. Apple has issued 25 security updates that come bundled with Monday’s release of Mac OS X 10.5.4. The firm said its latest Leopard release addresses operating system and application performance issues and fixes a heap of security flaws. The update affects operating system components that include CoreTypes, c++filt, Net-SNMP, Ruby, Tomcat, VPN, Alias Manager, and Webkit. Six of the vulnerabilities affect the Ruby programming language. Apple said: “Multiple memory corruption issues exist in Ruby’s handling of strings and arrays, the most serious of which may lead to arbitrary code execution.”

ICANN and IANA’s domains hijacked

July 2008

ICANN and IANA’s domains hijacked by Turkish hacking group. The official domains of ICANN, the Internet Corporation for Assigned Names and Numbers, and IANA, the Internet Assigned Numbers Authority, were hijacked earlier today by the NetDevilz Turkish hacking group, which also hijacked Photobucket’s domain on June 18. ICANN is responsible for the global coordination of the Internet’s system of unique identifiers. These include domain names, as well as the addresses used in a variety of Internet protocols. IANA is responsible for the global coordination of the DNS Root, IP addressing, and other Internet protocol resources. NetDevilz left the following message on all of the domains: “You think that you control the domains but you don’t! Everybody knows wrong. We control the domains including ICANN! Don’t you believe us? haha :) (Lovable Turkish hackers group).” The following domains were hijacked, and some of them still return the defaced page – icann.net; icann.com; iana-servers.com; internetassignednumbersauthority.com; iana.com. The hackers are once again redirecting visitors to Atspace.com, 82.197.131.106 in particular, the ISP that they used in the Photobucket DNS hijacking. The NetDevilz hacking group seems to be taking advantage of a very effective approach when hijacking domain names, and while they declined to respond to an email sent by Zone-H on how they did it, speculation about a cross-site scripting or cross-site request forgery vulnerability has already begun.