null Bangalore meet Feb 2010 - news Bytes
2. Operation AURORA: Damballa released a 31-page report titled "The Command Structure of the Aurora Botnet: History, Patterns and Findings." It is a ‘garden variety’ command-and-control botnet. First noticed by Google in December 2009, made public on January 12, 2010.
3. Operation AURORA: The primary malware, Hydraq, is a later stage in a series of malware consisting of at least three different families. These were deployed using fake antivirus infection messages, tricking the victim into installing the malicious botnet agents. “Trojan.Hydraq would have been just another piece of dumb malicious software if it did not have the ability to connect to a CnC server and receive new instructions.” The Damballa research paper can be downloaded at: http://www.damballa.com/research/aurora.
5. Help!: The attacker entices victims to press F1 on their website. It displays a message box that does not go away until F1 is pressed. Affects older Windows versions like XP or 2000.
7. IE Zero Day: Warning about an unpatched flaw in IE 6 and 7. IE 6 Service Pack 1 on Windows 2000 Service Pack 4 and IE 7 contain this bug. It is an invalid pointer reference bug.
8. IE Zero Day: The attacker entices the user to click on a link in an email or messenger. The user visits a website with malicious code.
9. Microsoft Patches Up: Issued patches that fix vulnerabilities in Windows and Office. The MS 10-016 patch addresses a flaw in Movie Maker that allowed remote command execution. The MS 10-017 patch addresses vulnerabilities in Excel.
10. Adobe Fix: Adobe released a fix which updates Reader from 9.3 to 9.3.1. The flaws fixed could be used to subvert the domain sandbox and make cross-domain calls, and allowed an attacker to crash the program and execute commands.
11. Zeus Trojan: Zeus collected extensive data from individuals at commercial and government systems: around 68,000 corporate login credentials, 2,000 SSL certificate files, and usernames and passwords for online banking sites and social networks.
12. Zeus Trojan: Zeus is capable of stealing data from the protected store of a PC. Criminals exploited vulnerabilities in Adobe Flash and holes in Adobe Reader. Malicious PDFs were used.
13. Twitter Phishing: Messages read “This you ???” or “somebody wrote something about you in this blog here”. You will get a URL; clicking on it asks you to log in to a third-party site.
14. Firefox Add-Ons: Master Filer and Sothink Web Video Downloader version 4. They were able to sneak through Mozilla’s malware scanner, ClamAV. Upload all add-on submissions to the free Virustotal.com, which uses about 40 different engines to scan each submission.
15. Cloud Security: Cloud Security Alliance names top 7 threats to cloud. Similar to the OWASP Top 10. Threats include Abuse and Nefarious Use of Cloud Computing, Insecure Interfaces and API, and Malicious Insiders. http://www.cloudsecurityalliance.org/topthreats.html
16. Windows 7: Windows 7 has a ‘SoftAP’ which allows a PC to function as a Wi-Fi client and an access point simultaneously. This masks the entry of unauthorized users onto the corporate network. It also can allow parking-lot hackers to piggyback onto the user's laptop and "ghost ride" into the corporate network unnoticed.
17. Spy Kids: School used student laptop webcams to spy on them at school and home. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence.
18. Twitter users celebrate 10 billion tweets. Virgin rolling out 100Mbps broadband this year. Now almost 200 million registered domains. Google hammered for Buzz privacy issues.
ling the protected store of a person's PC. The protected store typically captures data entered into online forms such as names, dates of births, addresses and other sensitive information.