By Terence Huynh / 3 October 2009 / No Comments
Thought Conficker was dead and buried? Well, you were wrong: the communal PCs used by students at Oxford Brookes University were found to be infected with the malware on Thursday, leaving IT support with the difficult job of cleaning it out.
“There has been a sustained and significant virus attack on the Brookes network. We are presently working to counteract it but this may result in unpredictable disruption to network services,” the University said in a statement to all faculty and staff.
“A version of the Conficker virus was involved. Servers and desktop PCs have been affected, including the pooled computer room PCs which were shut down yesterday evening (1st October) until this morning.”
The university has advised all staff members to check their PCs for the virus; if a PC is infected, the user should log out immediately, switch off the computer and contact IT support.
Brookes joins a long list of UK institutions that have been infected with the virus, including Manchester City Council, the Houses of Parliament and the Ministry of Defence. It also serves as another reminder that Conficker is still active and continues to infect more and more computers: while a botnet has not yet been established, figures from the Conficker Working Group suggest that as many as six million computers could be infected.
You can find more information on Conficker in our guide to the virus.
By Terence Huynh / 6 September 2009 / No Comments
SECURITY BRIEF: Users running an older version of WordPress (that is, anything before the current version 2.8.4) have been asked to upgrade immediately to the latest version in order to avoid an ongoing attack on self-hosted blogs that can lock you out of your account.
While blogs hosted on WordPress.com are not affected, as they are upgraded as soon as a new version comes out, the attack is said to be growing by the hour. WordPress is used by governments, huge corporations and well-known blogs (e.g. Mashable, TechCrunch) all over the world.
The attack, according to Lorelle on WordPress, exploits a known security hole in previous versions of the blogging software, giving the attacker administrator access to your account and a way into the database via the pretty permalinks.
There are two clues that your WordPress site has been attacked.
The first clue is strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords to look for are “eval” and “base64_decode.”
The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.
All users are advised to UPGRADE to the latest version. For those who have already been affected, the only fix is to export all of your posts, uninstall and reinstall WordPress, and then re-import your posts. Because the compromise goes all the way down to the database level, you should use a new database, as importing the old one would carry the malicious code into your fresh install.
WordPress will also release new updates immediately, with further security improvements, if the attackers find a new security hole to exploit.
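The two clues described above can be checked mechanically. The following is an added example and not code from the original post or from WordPress itself; it assumes you have exported the site's permalink structure (or request URLs from the access log) and a list of users with their roles, and the user list below is constructed for illustration.

```python
# Added example (not from the original post): checks for the two compromise clues
# described above, a tampered permalink structure and an unexpected administrator.
# The user list below is constructed for illustration.
import re
from urllib.parse import unquote

# Keywords the post names as the giveaway, plus the PHP superglobal the quoted
# permalink uses to pull the payload in from the Referer header.
SUSPICIOUS = re.compile(r"eval\s*\(|base64_decode|\$_SERVER", re.IGNORECASE)

# The tampered permalink quoted in the post, URL-encoded as it appears on the site.
ATTACK_PERMALINK = ("example.com/category/post-title/"
                    "%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/")

def decode_fully(value, rounds=3):
    """Percent-decode repeatedly, since a payload may be encoded more than once."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def check_permalink_structure(structure):
    """Return the suspicious tokens (lower-cased, without parentheses) found in a
    permalink structure from wp_options or in a request URL from the access log."""
    decoded = decode_fully(structure)
    hits = {re.sub(r"[\s(]", "", m.group(0)).lower() for m in SUSPICIOUS.finditer(decoded)}
    return sorted(hits)

# Constructed user list in the shape of WordPress's user/role data.
SAMPLE_USERS = [
    {"login": "terence", "role": "administrator"},
    {"login": "editor1", "role": "editor"},
    {"login": "Administrator (2)", "role": "administrator"},  # the hidden back door
]

def find_unexpected_admins(users, known_admins):
    """Flag administrator accounts that are not on the site owner's allow-list."""
    return [u["login"] for u in users
            if u["role"] == "administrator" and u["login"] not in known_admins]

if __name__ == "__main__":
    print("permalink hits:", check_permalink_structure(ATTACK_PERMALINK))
    print("clean permalink hits:", check_permalink_structure("/%year%/%postname%/"))
    print("unexpected admins:", find_unexpected_admins(SAMPLE_USERS, {"terence"}))
```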
By Terence Huynh / 29 August 2009 / No Comments
Remember when Apple confirmed the much-hyped malware protection in Snow Leopard? Well, it turns out that it is nothing more than an XProtect.plist file containing five file signatures for only two trojans, albeit the most popular ones infecting Macs: OSX.RSPlug and OSX.Iservice.
Both threats, rated as very low risk by Symantec, usually come bundled as payloads in shady installers for the latest iWork and Adobe CS4 software found on BitTorrent sites, and install themselves once the user enters their administrator credentials.
By Terence Huynh / 27 August 2009 / No Comments
Apple has now confirmed the rumours of the existence of some malware protection software in the new operating system. According to The Loop, it scans and checks all files downloaded via Safari, iChat and Mail. As seen in the above image, it will indicate which file contains what type of malware and will note the time and date when you downloaded the file, which application downloaded it, and where from.
Apple has also said that the feature isn’t entirely new, noting that it made its debut in Tiger as File Quarantine; the Snow Leopard version, however, adds checks against known malware file signatures, which will be updated via its Software Update tool.
Apple has not confirmed where it will be getting these definitions for File Quarantine, but ZDNet’s Ryan Naraine has said that it is not using the open-source ClamAV engine, meaning that Apple has licensed the technology from a commercial company (e.g. Symantec).
By Terence Huynh / 23 August 2009 / 1 Comment
Australia announced yesterday that it is planning to share its fingerprint database of foreign criminals and asylum seekers with Canada and the United Kingdom, allowing the relevant departments of all three countries to flag migrants who try to hide from the authorities, with assurances that the data will be protected.
The United States is also set to join the agreement at a later stage, and New Zealand is considering joining in the near future via legislation. All five parties are members of the Five Country Conference, a forum on improving immigration control and border security.
By Terence Huynh / 7 August 2009 / No Comments
Today saw denial of service attacks on the well-known social networking websites MySpace and Facebook, the micro-blogging site Twitter and other websites, leaving as many as 30 million users worldwide without access to Twitter alone. But reports are coming in that the target was not the companies themselves, but a single user who supports the Republic of Georgia.
As of the time of writing, many users are reporting that they are still intermittently unable to access Twitter as it continues to combat the attacks. Facebook, however, is reported to be having more success and is still up.
By Terence Huynh / 25 July 2009 / 1 Comment

The most popular anti-virus program AVG has been causing confusion throughout the day by listing all of the iTunes files, including necessary DLL files, as being infected with a trojan horse known as “Trojan horse Small.BOG”.
This is a false detection by AVG, and there is no trojan, or risk of trojans, in iTunes. If you have quarantined the files, make sure you restore them immediately or roll back to a previous system restore point. If you have not done so, make sure you follow these instructions:
By Terence Huynh / 14 July 2009 / 1 Comment
The attackers who coordinated last week’s cyber attacks in the United States and South Korea are said to have extracted lists of files from the computers that were used in the attack, according to police in Seoul, the capital, on Tuesday.
The new findings show that the affected computers were not only used for attacks but also to steal data from unwitting victims, adding to fears that the computers were ordered to destroy their hard drives or otherwise render them inoperable. According to the police, file lists were sent to 416 computers in 59 countries, 15 of them located inside South Korea.
The identity of the hackers has not been established, nor where they operated from. The attacks targeted several United States and South Korean websites, including media sites and government sites.
No new web attacks have been reported since last Thursday, but it was reported that the National Intelligence Service, South Korea’s spy agency, suspected that North Korea conducted the attacks, though no conclusive evidence supports the claim.
By Terence Huynh / 10 July 2009 / No Comments
South Korea has said that the denial of service attacks on several websites based in the United States and South Korea came from 86 IP addresses in 16 different countries, including Japan and Guatemala, according to the AP.
The spy agency in South Korea, the National Intelligence Service (NIS), spoke briefly about the current investigation to lawmakers in the country, amid suspicions that North Korea was behind the attacks. It also briefly discussed the technical and circumstantial reasons for believing that its northern, communist neighbour was behind the attack.
The NIS has also added, however, that it is too early to conclude that North Korea was behind the attacks. United States investigators, meanwhile, say that while North Korea is a possible suspect, it would be very difficult to establish the identities of the attackers.
The attacks, which took place on July 4, took down the websites of several key agencies in both the United States and South Korea, as well as other South Korean sites, including a bank and an internet portal. No sensitive information was stolen, and the attacks are believed to have been intended to create a nuisance rather than to steal data.
By Terence Huynh / 9 July 2009 / No Comments
A widespread cyber attack beginning on July 4 has knocked out the websites of several United States agencies, including those responsible for fighting cyber crime. On the same day, several sites belonging to the South Korean government and other private sites were also reported to have been knocked offline by the same attack.
Those agencies affected include the Treasury Department, the Federal Trade Commission, the Department of Transportation, the Pentagon and the Secret Service, according to officials inside and outside the government talking to the Associated Press. These attacks were timed around the Independence Day holiday.