Virus Information News

  1     2     3     4     5     6     7     8     9     10    | [Next]  [Last] of 172 page(s)

Holy Father on rootkit writing for fun, profit

InfoWorld

by Paul Roberts

March 16, 2005

The software developer behind a leading rootkit program says he is motivated by necessity, curiosity and a desire to expose weaknesses in the Windows operating system and security technology. He also isn't too worried about how others might use his softwa

While he declined to provide his real name or speak by phone, "Holy Father," author of the Hacker Defender rootkit, claims to live in the Czech Republic, where the hacker defender Web site is registered to a "Jaromir Lnenicka" in Prague. His online name stemmed from a desire to do "big thingz" in the computer hacking underground. On that score, he has succeeded. Written in conjunction with a member of the 29a malicious code writing group, Hacker Defender has been downloaded more than 100,000 times, by his count, and grabbed the attention of security researchers at Microsoft and other leading companies.

Virus writers exchanging information

Kaspersky Lab

March 17, 2005

Virus analysts at Kaspersky Lab have been investigating the recent Bagle outbreak, and come to the conclusion that the authors of Bagle, Zafi and Netsky are working hand in hand with each other.

SpamTool.Win32.Small.b, a malicious program which harvests email addresses from infected machines, was first detected by Kaspersky Lab analysts on 15th February. Email addresses of antivirus companies are excluded from the list it compiles. Further analysis of the situation reveals that the mass mail of this program was a preliminary stage in the attack carried out by Bagle on 1st March. In researching the Bagle outbreak, virus analysts have concluded that the authors of Bagle, Zafi and Netsky and others are working closely together; they may not be personally known to each other, but they are all using information provided by the author of Bagle to mass mail their creations.

UK police foil massive bank theft

BBC News

March 17, 2005

Police in London say they have foiled one of the biggest attempted bank thefts in Britain.

The plan was to steal $423m from the London offices of the Japanese bank Sumitomo Mitsui. Computer experts are believed to have tried to transfer the money electronically after hacking into the bank's systems.

Mac OS X CF_CHARSET_PATH Buffer Overflow Vulnerability

IDefense

by Tyler Hawes

March 21, 2005

Local exploitation of a buffer overflow vulnerability within the Core Foundation Library included by default in Apple Computer Inc.'s Mac OS X could allow an attacker to gain root privileges.

The vulnerability specifically exists due to improper handling of the CF_CHARSET_PATH environment variable. When a string greater than 1,024 characters is passed via this variable, a stack-based overflow occurs, allowing the attacker to control program flow by overwriting the function's return address on the stack. Any application linked against the Core Foundation Library can be used as an exploit vector for this vulnerability. Some of the setuid root binaries that are vulnerable include su, pppd and login.

Virus Prize 2005

DVForge

March 26, 2005

Please... Infect Our Computers!

Contest goal: To lay to rest, once and for all, the myths surrounding the lack of spreading computer virii on the Macintosh OS X operating system. Please... Infect Our Computers!

The OS X Zombies

J/R/S

March 29, 2005

A certain institution of higher learning has discovered that fleets of their OS X boxes have been compromised. They do not yet know the vector of attack, meaning it is officially a 'zero day exploit'. They do however have several theories - all of which h

The OS X boxes, when compromised, end up running rogue IRC bot controllers and FTP servers. Naturally these rogue processes are capable of accessing sensitive data - which can be destroyed, modified, or stolen. Some of the victimised boxes were exploited through weak passwords for SSH-enabled accounts; still others through their Apache servers. Apache needs to be patched too and Apple have the patches out there for their contribution to the Apache community and they should be downloaded. Worse: if the holes in Apache are publicised and the sysadmins do not download them, the script kiddies will know how to attack.

Web Browser Forensics, Part 1

Security Focus

by Keith J. Jones and Rohyt Belani

March 30, 2005

Introduction Electronic evidence has often shaped the outcome of high-profile civil law suits and criminal investigations ranging from theft of intellectual property and insider trading that violates SEC regulations to proving employee misconduct resultin

Critical electronic evidence is often found in the suspect's web browsing history in the form of received emails, sites visited and attempted Internet searches. This two-part article presents the techniques and tools commonly used by computer forensics experts to uncover such evidence, through a fictitious investigation that closely mimics real-world scenarios. While you read this article, you may follow along with the investigation and actually analyze case data...

Web Browser Forensics, Part 2

Security Focus

by Keith J. Jones and Rohyt Belani

May 11, 2005

In part one, we began investigating the intrusion of the Docustodian document management server hosting a law firm's data. The server appeared to have been compromised by a group of hackers who were using it as a repository for their MP3s, MPEGs, and pira

We also performed a review of the Internet Explorer history and cached files on the system used by Joe Schmo, the primary suspect of the intrusion. Analysis of the web browsing history revealed Internet searches for license cracks and hacking books; however, all this malicious activity appeared to have been performed while Joe was on vacation with his family in Florida. In part two we now set out to determine who used Joe's machine while he was on vacation. We will proceed by examining further investigative leads that involve performing an in-depth review of the web activity of all other browsers installed on Joe's hard drive...

Web attacks soar

The Register

by John Leyden

May 12, 2005

Web server attacks and website defacements rose 36 per cent last year, according to an independent report. zone-h, the Estonian security firm best known for its defacement archive, recorded 392,545 web attacks globally in 2004, up from 251,000 in 2003.

Mass defacements (322,188) were by far the largest category in 2004. More targeted cyber graffiti attacks numbered 70,357. zone-h also recorded 186 attacks on US governmental servers out of 3,918 attacks on government domains worldwide. Separately the security consultancy recorded 49 assaults on US military servers. zone-h estimates that 2,500 web servers are successfully hacked each day out of a total population of 45m servers...

Security gripes' Microsoft feels your pain

CNet

by John Borland

May 13, 2005

Software giant plans subscription service offering antivirus help, automatic computer checkups.

It's not news to Microsoft that many, if not most, average Windows users have gripes about their PC experiences. In response, the software company is unveiling on Friday a new subscription-based computer fix-it service, aimed at automatically patching security holes, blocking viruses and spyware, and generally automating the chores of maintaining a computer's health. Dubbed Windows OneCare, the service will draw in part on existing tools like the company's anti-spyware software , as well as on basic PC management functions inside Windows. But it will add a more powerful firewall, ongoing antivirus protection, and the right to get a live support person on the phone without paying extra, the company said.

  1     2     3     4     5     6     7     8     9     10    | [Next]  [Last] of 172 page(s)