Every now and again a story crops up which causes you to do a double-take. Such an incident occurred this week when the FT (no less) reported that a scientist from the University of Reading had ‘infected’ himself with a computer virus. The study suggested that this had important implications for devices such as heart pacemakers and cochlear implants, which could be attacked by computer viruses.
The scientist in question used an RFID chip (which he knew to be contaminated) and studied its effect on equipment it interacted with, such as door entry systems. The newsworthy angle came from the fact that the chip was embedded in his hand rather than in its usual environment, such as a smart card.
Whilst it’s theoretically possible for RFID chips and readers to become infected, medicine is a closed environment, which makes it more difficult, and there would be many hoops to jump through. You would also have to ask why anyone would want to do it (and invest the huge volumes of dirty cash needed to do so). There are far more lucrative environments elsewhere for scammers. That’s not to say it definitely won’t happen, just that it is unlikely, and there’s no need for us to panic just yet.
This week is the one-year anniversary of the Downadup/Conficker threat’s April 1, 2009 “trigger” date. Although Conficker did not turn into a widespread threat or cause the significant damage it had the potential to inflict, one year later we know that those behind Downadup/Conficker still potentially hold the keys to some 6.5 million infected computers. These computers have not been fixed by their owners, leaving them open to be victimized at any time by cybercriminals.
While 6.5 million infected computers remain wide open to further attack, they are monitored very closely by law enforcement and by members of the Conficker Working Group. Should the criminal(s) attempt to use them, the alarm will sound. For the criminals holding the keys, too much attention may be a turn-off, and it will likely prevent them from carrying out their original malicious plans.
So, are we out of the woods in terms of Downadup/Conficker?
Probably not. Downadup/Conficker may not be the biggest known botnet on the block, but it still has the potential to do serious harm. Industry groups and law enforcement are being vigilant, but the 6.5 million infected PCs are very much like a loaded gun, waiting to go off.
Here’s what we know today:
• Approximately 6.5 million systems are still infected with either the .A or .B variants.
• The .C variant, which used a peer-to-peer method of propagating, has been slowly dying out over the past year. From a high of nearly 1.5 million infections in April of 2009, the infection rate has steadily decreased to between 210,000 and 220,000 infections. This indicates that some computer users are fixing the issue and getting rid of the infection.
• Symantec also observed another variant, .E, released on April 8, 2009, but this variant deleted itself from infected systems on or after May 3, 2009.
• Thus far, the machines still infected with Downadup/Conficker have not been utilized for any significant criminal activity, but with an army nearly 6.5 million computers strong, the threat remains a viable one.
Symantec has put together the following video highlighting the evolution of Downadup/Conficker to help give computer users background on the threat and information about where it is today:
Orla Cox, Security Operations Manager at Symantec Security Response
But while it seems that David Beckham is increasingly likely to miss the World Cup due to injury, the cybercrime underworld is certain to be gathering its cohorts to spam and scam the unwary out of their hard-earned cash. This is nothing new, of course; cybercriminals regularly hide behind major news events like disasters and sporting events to spread their malicious activities. Whether it be phishing, spam, malicious downloads, poisoned searches, or anything else, they are trying to get hold of one thing – money!
Symantec recently launched a new website – www.2010netthreat.com – which will host up-to-date data and information specific to security threats and scams around the World Cup in South Africa. Now we’ve developed a new video in the popular series ‘Symantec Guide to Scary Internet Stuff’ called Net Threats, which seeks to educate users about the potential scams and threats that cybercriminals hide behind major sporting events like the World Cup. Please take a look and tell us what you think.
The team at Norton have been busy digging through the gossip since Sunday’s glamorous Oscar ceremony. They weren’t just looking for juicy rumours though; they’ve been looking for malware around the Academy Awards.
Cybercriminals often take advantage of public interest in both individual celebrities and world entertainment events, so it is no surprise that when the two combine, crooks get busy infecting websites. Norton found that around 50% of Oscar-related internet search results lead to “poisoned” sites.
Some of the most dangerous search terms (and the percentage of infected results) include:
- “Oscar 2010 Winners” – 60% infected
- “Music By Prudence” – 58% infected
- “Kathryn Bigelow height” – 48% infected
- “Sandra Bullock Meryl Streep kiss” – 43% infected
Criminals predict public curiosity and infect pages that contain the relevant keywords with malware. When a victim clicks through on links from search engines, they inadvertently end up with their computer infected with a virus or inundated with pop-ups for fake, and in some cases dangerous, “anti-virus software.”
When searching for anything online, Oscar-related or not, it is important to be on guard. Make sure you have legitimate antivirus software that includes all the latest updates, and if you don’t, make sure you buy software from a reputable source.
Cybercriminals can’t wait for the 2010 Vancouver Winter Olympic Games to get underway tonight. No, spamming, hacking and creating botnets haven’t become an Olympic sport, but these malicious attackers are greatly anticipating the millions of followers who will be going online to watch events, read news and obtain updates on the Games.
Key sporting events such as the Vancouver Olympics and the 2010 Football World Cup provide the perfect scenario to dupe victims around the world with Olympics-related spam emails, phishing attacks and other nasty Web tricks – with the sole purpose being to steal personal information and identities. Symantec anticipates a rise in cybercrime activity during the 2010 Winter Games, as is common around high-profile events.
During the 2008 Beijing Olympic Games, spammers enticed users with newsworthy subject lines to open email messages prompting them to click on links hosting malware.
A few of those subject lines included:
• Are Chinese gymnasts too young for Olympics?
• Beijing Olympics cancelled
• Beijing postpones Olympics due to McCain-Dalai Lama meeting
To avoid being a victim during the 2010 Games, Symantec urges you to follow these best practices:
• Purchasing official Olympic tickets – When buying tickets online, even from an auction site, be sure it is a reputable online source. For instance, Vancouver2010.com is offering fan-to-fan tickets on a first-come, first-served basis.
• If it sounds too good to be true, it probably is – Many cybercriminals use extravagant promises such as “exclusive” Olympic pins and merchandise to lure victims into clicking through to malicious sites and divulging personal information.
• Use caution when clicking links from within emails or IM messages – Links can contain viruses or Trojans, or lead users to infected websites. Never click a link in a suspicious email. Instead, make it a habit to type the full website URL, such as www.YouTube.com, into your Web browser.
• Never fill out forms in messages – Legitimate 2010 Winter Games organizers/sponsors will never ask for personal, financial or password information through an email message.
• Update your computer – Have a hacker-free Olympic experience by ensuring that all personal and work computers are protected with up-to-date antivirus software and the latest operating system and application patches.
Microsoft has announced that today (Thursday 21st January) at approximately 6pm UK time, it will release an emergency out-of-band patch to fix the Internet Explorer zero-day security vulnerability that has been used by attackers in various high-profile targeted attacks, specifically the recent Trojan.Hydraq attacks waged against Google and a number of other companies.
The vulnerability affects Internet Explorer 6, 7 and 8, which make up the bulk of the versions used today. However, the only in-the-wild exploit code for this vulnerability detected thus far is confirmed to affect just Internet Explorer 6.
Based on our in-the-field detections, this security vulnerability has only been used in a very limited number of targeted attacks so far; however, they appear to be very high-profile attacks. The most likely attack vector used in the incidents seen thus far is targeted e-mails, sent to high-level employees, containing legitimate-looking attachments or links to Web sites. When the attachment is opened, an exploit for the vulnerability springs into action and the computer becomes infected.
Despite the fact that we’ve seen only limited attacks using this vulnerability, with exploit code public there is no reason to think we won’t see more attack attempts. And you can be sure the bad guys are working overtime to create reliable exploits for the other affected versions of Internet Explorer, namely 7 and 8.
This security hole is so dangerous because it allows for remote exploitation. This means attackers can run any malicious code of their liking on a victim’s machine by taking advantage of the vulnerability.
We strongly encourage users to patch their systems against this vulnerability. In addition, businesses are encouraged to consider implementing an automated patch management solution to help mitigate risk.
Today is apparently the busiest day of the year for online shopping. Known as Mega Monday or Cyber Monday, it is the day when millions of us will be shopping online for our Christmas bargains. But as ever, you have to be careful and extra vigilant if you do intend to be one of the millions shopping online.
Happy bargain hunting!
Time after time, we see those engaged in the cybercrime underworld using major sporting or news events to trap the unwary into letting down their cyber guard. Well, it seems to have happened again, with interest in the Tiger Woods car accident over the weekend, and rumours of its cause, giving scareware peddlers a ripe opportunity to poison web search engines. The story, which has generated a swell in web traffic and searches, has been one of the top Google searches since the news broke.
The Symantec Response team have observed some search engine results redirecting users to a number of malicious domains.
These websites then take the user through a fake scanning activity before pointing out a host of serious ‘errors’ and ‘threats’ advising that these must be immediately cleaned from the user’s computer. However, the threats are bogus, and users are unwittingly conned into buying illegitimate antivirus software which could then take personal details for criminal gain.
Hon Lau, on the Symantec Response blog, said: “From an IT security point of view, this unfortunate incident is just another fruit ripe for the picking as far as malware writers are concerned. It comes as no surprise that the creators of rogue antivirus or misleading application software have already jumped on the bandwagon and attempted to poison web search engine results to take advantage of this spike in web search activity.”
So, as ever, be on your guard. When searching for information on the Web, make sure your legitimate antivirus software is updated, and if you ever feel yourself being strong-armed into buying antivirus software from any dubious online source, don’t do it! Instead, go to a trusted source such as your local physical shop.
Last year we embarked on producing an occasional series of short videos looking at common internet threats and issues. So far they have covered: Phishing, Botnets, The Underground Economy and Drive-by Downloads.
We wanted them to be educational and have some humour, to better educate people using the web at home and at work about how to protect themselves from common threats and risks. So far the initial four videos have gone down well, being posted on sites like YouTube and Facebook, as well as the Symantec website and even a number of online retailers.
The latest two videos in the series have just been finished. They are:
- Symantec Guide to Scary Internet Stuff – No 5 Misleading Applications
- Symantec Guide to Scary Internet Stuff – No 6 Denial of Service Attacks
Please have a look at them, and also the other videos in the series, and if you have any thoughts for new topics we should cover, let me know.
Wednesday 2nd September was the ‘official’ 40th anniversary of the Internet. To mark this important milestone we thought we’d take a look back at some of the most notorious threats ever seen online.
- I Love You (2000) – Who wouldn’t open an e-mail with “I Love You” in the subject line? Well, that was the problem. By May 2000, 50 million infections of this worm had been reported. The Pentagon, the CIA, and the British Parliament all had to shut down their e-mail systems in order to purge the threat.
- Conficker (2009) – The Conficker worm has created a secure, worldwide infrastructure for cybercrime. The worm allows its creators to remotely install software on infected machines. What will that software do? We don’t know. Most likely the worm will be used to create a botnet that will be rented out to criminals who want to send spam, steal identities and direct users to online scams and phishing sites.
- Melissa (1999) – Melissa was an exotic dancer and David L. Smith was obsessed with her and also with writing viruses. The virus he named after Melissa and released to the world on March 26th, 1999, kicked off a period of high-profile threats that rocked the Internet between 1999 and 2005.
- Slammer (2003) – This fast-moving worm managed to temporarily bring much of the Internet to its knees in January of 2003. The threat was so aggressive that it was mistaken by some countries to be an organized attack against them.
- Nimda (2001) – A mass-mailing worm that used multiple methods to spread itself; within 22 minutes, Nimda became the Internet’s most widespread worm. The name of the virus came from the reversed spelling of “admin.”
- Code Red (2001) – Websites affected by the Code Red worm were defaced by the phrase “Hacked By Chinese!” At its peak, the number of infected hosts reached 359,000.
- Blaster (2003) – Blaster is a worm that triggered a payload that launched a denial of service attack against windowsupdate.com, which included the message, “billy gates why do you make this possible? Stop making money and fix your software!!”
- Sasser (2004) – This nasty worm spread by exploiting a vulnerable network service, meaning that it could spread without user intervention. Sasser wreaked havoc on everything from the British Coastguard to Delta Airlines, which had to cancel some flights after its computers became infected.
- Storm (2007) – Poor Microsoft, always the popular target. Like Blaster and others before, this worm’s payload performed a denial-of-service attack on www.microsoft.com. During Symantec’s tests an infected machine was observed sending a burst of almost 1,800 emails in a five-minute period.
- Morris (1988) – An oldie but a goodie; without Morris the current threat “superstars” wouldn’t exist. The Morris worm (or Internet worm) was created with innocent intentions. Robert Morris claims that he wrote the worm in an effort to gauge the size of the Internet. Unfortunately, the worm contained an error that caused it to infect computers multiple times, creating a denial of service.
For a complete A-Z list of all threats, visit the Symantec Security Response website: http://www.symantec.com/security_response/threatexplorer/azlisting.jsp?azid=W