OPLIN 4Cast #300: Threatening innovations

You have to admit, the people who try to take over your computer or steal your private information for their own shady purposes are undoubtedly inventive. It seems as if every month they develop at least one surprising new major exploit of computers and the Internet, and recently they have been more active than they have been for years. We’re seeing news stories about routers turned into botnet clients, government-built viruses (just who are the good guys?), and new PCs shipped pre-infected with malware. And what the heck is a UDID anyway?

  • Router botnets are more of a reality than you think (SecurityWeek/Steve Ragan)  “Unfortunately, those are just some of the ways to maliciously flash a router without anyone being the wiser. Updated firmware (as in ensuring the device is current on the latest version) can help in some cases but not all, as attacks that target retained settings within the device’s memory can still lead to compromise. In the end, using an open router within an active SOHO [Small Office/Home Office] environment will come down to risk tolerance. If the business is ok with the risk, no need to worry.”
  • Cyber clues link U.S. to new computer viruses (Reuters/Jim Finkle)  “The United States has already been linked to the Stuxnet Trojan that attacked Iran’s nuclear program in 2010 and the sophisticated Flame cyber surveillance tool that was uncovered in May. Anti-virus software makers Symantec Corp of the United States and Kaspersky Lab of Russia disclosed on Monday that they have found evidence that Flame’s operators may have also worked with three other viruses that have yet to be discovered.”
  • Microsoft disrupts the emerging Nitol botnet being spread through an unsecure supply chain (Official Microsoft Blog/Richard Domingues Boscovich)  “The discovery and successive action against the Nitol botnet stemmed from a Microsoft study looking into unsecure supply chains. The study confirmed that cybercriminals preload malware infected counterfeit software onto computers that are offered for sale to innocent people. In fact, twenty percent of the PCs researchers bought from an unsecure supply chain were infected with malware.”
  • What’s the big deal with iPhone UDIDs? (Ars Technica/Chris Foresman)  “The UDID [Unique Device Identifier] could be used as a sort of ‘anonymized’ token. However, many developers connected a UDID with users’ real names, user names, passwords, location, or other data. While the UDID alone would be of little use to hackers or identity thieves, network snoopers could correlate these UDIDs with other data gleaned from multiple apps, which privacy advocates believe is plenty to home in on a particular person.”

Malware fact:
According to McAfee Labs [pdf], more than eight million new kinds of malware were launched in the second quarter of 2012.
