Source: Internet Security Alliance Daily Brief
Koobface spreads via torrents. August 19, Softpedia – Security researchers identified a new version of the Koobface worm, which uses the global torrent network instead of social networking Web sites to spread. Dating back to July 2008, Koobface is one of the oldest and most successful computer worms still active. Its original variants targeted MySpace and Facebook, but it later expanded to other social networking sites. Koobface has seen many improvements and is a fairly sophisticated piece of malware, most likely maintained by more than one developer. Despite its success, the worm suddenly stopped spreading on Facebook in February, a decision that baffled security researchers. In April, security experts from FireEye reported Koobface was still serving as a distribution platform for other malware, and that its command and control servers were still operational. A new sample found recently by security researchers from Trend Micro seems to indicate the worm’s creators developed a new propagation routine. The new version bundles version 2.2.1 of the uTorrent client, which runs hidden in the background to seed trojanized torrents. These torrents pose as cracked versions of popular applications or games. The new version also uses encryption to evade antivirus detection. The rogue torrents, promoted via public trackers and discoverable through the global torrent network, contain multiple components that decrypt each other.
AES proved vulnerable by Microsoft researchers. August 18, IDG News Service – Researchers from Microsoft and the Dutch Katholieke Universiteit Leuven discovered a way to break the widely used Advanced Encryption Standard (AES), the encryption algorithm used to secure almost all online transactions and wireless communications. Their attack can recover an AES secret key three to five times faster than previously thought possible, reported the Katholieke Universiteit Leuven, a research university based in Belgium. The researchers cautioned the attack is complex in nature, and so cannot be easily carried out using existing technologies. In practice, the methodology used by the researchers would take billions of years of computer time to break the AES algorithm, they noted. But the work, the result of a long-term cryptanalysis project, could be the first chink in the armor of the AES standard, previously considered unbreakable. When an encryption standard is evaluated for vital jobs such as securing financial transactions, security experts judge the algorithm’s ability to withstand even the most extreme attacks. Today’s seemingly secure encryption method could be more easily broken by tomorrow’s faster computers, or by new techniques in number crunching.
GingerMaster malware seen using root exploit for Android Gingerbread. August 18, Threatpost – The evolution of mobile malware seems to be accelerating, especially as it applies to Android malware. The newest example of this rapid change is the appearance of GingerMaster, a variant of the DroidKungFu malware that now sports a root exploit for Android 2.3 and gives the attacker complete control of the infected device. The new piece of malware, discovered by researchers at North Carolina State University, uses a jailbreak exploit for Android 2.3, also known as Gingerbread, which is packaged in an infected app as a seemingly legitimate file. Once that exploit runs, it gives the malware root privileges on the phone and also begins collecting data about the device for transmission to a remote server.
Texas-based Vanguard Defense Industries official hacked by Anonymous; CEO says damage limited. August 19, Associated Press – A Texas-based defense and aerospace firm said one of its top officials had his e-mail account broken into by the hacking group Anonymous, the Associated Press reported August 19. Vanguard Defense Industries’ chief executive said messages were stolen from the private Gmail account of a former FBI agent who now works as the company’s senior vice president. Anonymous said in a statement that it pilfered 1 gigabyte of private e-mails and documents from the account. The company’s chief executive told the Associated Press August 19 “there isn’t anything sensitive” in the released material. The company, based in Spring, Texas, specializes in the design and development of drones, unmanned aerial vehicles for law enforcement and the private sector.
DoD to expand cyber program with industry. August 17, Defense News – The U.S. Defense Department (DOD) is moving forward with a program designed to increase sharing with industry of classified and sensitive data about cyberattacks, the Deputy Secretary of Defense announced August 16. A 3-month pilot program — the Defense Industrial Base Cyber Pilot — has “stopped hundreds of attempted intrusions,” he said at a Defense Information Systems Agency conference. It also appears to be cost effective, he added. The program will be extended beyond its original end date of September 30. About 20 companies initially volunteered to participate in the pilot. “In the coming months, we will expand the pilot to the rest of the industrial base, as well as other key areas of critical infrastructure,” the deputy said. In addition to thwarting attacks against contractors, DOD said it identified strings of malware used by hackers. That information was incorporated into DOD network defenses and shared with companies participating in the pilot. Knowledge of these malware signatures “dramatically increases the effectiveness of cybersecurity,” the deputy said. DOD and its contractors must seize the current “window of opportunity” to strengthen their networks against destructive cyber threats that, if launched, would cause great physical damage and even loss of life, he said.