null Bangalore meet Feb 2010 - news Bytes

Operation AURORA
Damballa released 31 page report titled
"The Command Structure of the Aurora Botnet: History, Patterns and Findings,"
IT is a ‘garden variety’ Command and control botnet
First noticed by Google in December 2009, made public on January 12, 2010

Operation AURORA
The primary malware Hydraq is a later staging in a series of malwares consisting of
At lest three different families
Were deployed using fake antivirus infection messages tricking the victim
into installing the malicious botnet agents
“ Trojan.Hydraq would have been just another piece of dumb malicious software
if it did not have the ability to connect to a CnC server and receive new instructions”
The Damballa research paper can be downloaded at: http://www.damballa.com/research/aurora.

Help !
Attacker entices the victims to press F1 on their website
Display a message box that does not go away until F1 is pressed
Affects older Windows like XP or 2000

Help !
Workaround
cacls "%windir%winhlp32.exe" /E /P everyone:N

IE Zero Day
Warning about a unpatched flaw in IE 6 and 7
IE 6 service pack 1 on Windows 2000 service pack 4 and IE 7
contain this bug
Invalid pointer reference bug

IE Zero Day
Attacker entices the user to click on a Link in an Email or Messenger
User visits a website with malicious code

Microsoft Patches up
Issued patches that fix vulnerabilities in Windows and Office
MS 10-016 patch = addresses flaw in Movie maker that allowed remote
command execution
MS 10-017 patch = addresses vulnerabilities in Excel

Adobe fix
Adobe released a fix which updates the Reader from 9.3 to 9.3.1
Subvert the domain sandbox and make Cross Domain Calls
Allowed an attacker to crash the program and execute commands

Zeus Trojan
Zeus collected extensive data from individuals at commercial and government systems,
Around 68,000 corporate login credentials, 2,000 SSL certificate files, and usernames and passwords for online banking sites and social networks.

Zeus Trojan
Zeus is capable of stealing data from protected store of a PC
Criminals exploited vulnerabilities in Adobe Flash and holes in Adobe reader.
Malicious PDF’s were used

Twitter Phishing
“This you ???”
“somebody wrote something about you in this blog here”
You will get a URL, clicking on it would ask you to login into a third party site

Firefox Add-Ons
Master Filer
SothinkWeb Video Downloader version 4
They were able to sneak through Mozilla’s malware scanner
ClamAV
Upload all add-on submissions to the free Virustotal.com, which uses about 40 different engines to scan each submission.

Cloud Security
Cloud Security Alliance names top 7 threats to Cloud
Similar to OWASP Top 10
Abuse and Nefarious Use of Cloud Computing
Insecure Interfaces and API
Malicious Insiders
http://www.cloudsecurityalliance.org/topthreats.html

Windows 7
Windows 7 has a ‘SoftAP’ which allows a PC to function as Wi-Fi client and
an access point simultaneously
This masks the entry of unauthorized users onto the corporate network.
It also can allow parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.

Spy Kids
School used student laptop webcams to spy on them at school and home
School used student laptop webcams to spy on them at school and home
The issue came to light when the Robbins's child was disciplined for
"improper behavior in his home" and the Vice Principal used a phototaken
by the webcam as evidence.

Twitter users celebrate 10 billion tweets
Virgin rolling out 100Mbps broadband this year
Now almost 200 million registered domains
Google hammered for Buzz privacy issues

Thank You

null Bangalore meet Feb 2010 - news Bytes

by n|u - The Open Security Community on Apr 04, 2010

Accessibility

Categories

Tags

Upload Details

Usage Rights

1 Embed 41

Statistics

null Bangalore meet Feb 2010 - news Bytes — Presentation Transcript