Security

Conficker infects Oxford University

By Terence Huynh / 3 October 2009 / No Comments

Thought Conficker was dead and buried? Well, you were wrong: the communal PCs used by students at Oxford Brookes University were found to be infected with the malware on Thursday, leaving IT support with the difficult job of cleaning out the virus.

“There has been a sustained and significant virus attack on the Brookes network. We are presently working to counteract it but this may result in unpredictable disruption to network services,” the University said in a statement to all faculty and staff.

“A version of the Conficker virus was involved. Servers and desktop PCs have been affected, including the pooled computer room PCs which were shut down yesterday evening (1st October) until this morning.”

The university has advised all staff members to check their PCs for the virus and, if a PC has been infected, to log out immediately, switch off the computer and contact IT support.

Brookes joins a long list of UK institutions that have been infected with the virus, including Manchester City Council, the Houses of Parliament and the Ministry of Defence. It also serves as another reminder that Conficker is still active and continues to infect more and more computers. While a botnet has not been established yet, figures from the Conficker Working Group reveal that there could be as many as six million computers infected.

You can find more information on Conficker in our guide to the virus.

ALERT: WordPress blogs under attack, Users asked to upgrade to 2.8.4

By Terence Huynh / 6 September 2009 / No Comments

SECURITY BRIEF: Users running an older version of WordPress (that is, anything before the current version 2.8.4) have been asked to upgrade immediately to the latest version to avoid an ongoing attack on self-hosted blogs that could lock you out of your account.

While blogs hosted on WordPress.com are not affected, as they are upgraded whenever a new version comes out, the vulnerability is said to be growing by the hour. WordPress is used by governments, huge corporations and other known niche blogs (e.g. Mashable, TechCrunch) all over the world.

The attack, according to Lorelle on WordPress, is exploiting a known security hole in previous versions of the blogging software, allowing the attacker to gain administrator access to your account and get into the database via the pretty permalinks.

There are two clues that your WordPress site has been attacked.

There are strange additions to the pretty permalinks, such as example.com/category/post-title/%&(%7B$%7Beval(base64_decode($_SERVER%5BHTTP_REFERER%5D))%7D%7D|.+)&%/. The keywords are “eval” and “base64_decode.”

The second clue is that a “back door” was created by a “hidden” Administrator. Check your site users for “Administrator (2)” or a name you do not recognize.

All users are advised to UPGRADE to the latest version. For those who have already been affected, the only fix is to export all of your posts, uninstall and reinstall WordPress and then re-import all your posts. Because the compromise goes all the way to the database level, it is advised that you use a new database, as importing the old database would also carry the malicious code into your new blog install.

WordPress will also release any new updates immediately with further security improvements if the attackers find a new security hole to exploit.

Snow Leopard’s malware protection scans only for two trojan infections

By Terence Huynh / 29 August 2009 / No Comments

Remember when Apple confirmed the much-hyped malware protection in Snow Leopard? Well, it turns out that it's nothing more than an XProtect.plist file that contains five file signatures for only two trojans, the most popular ones infecting Macs: OSX.RSPlug and OSX.Iservice.

Both threats, described as very low threats by Symantec, are usually attached as payloads on shady installs of the latest iWork and Adobe CS4 software found on BitTorrent sites, installing themselves after a user enters their administrator credentials.

UK, Canada, Australia to share fingerprint database

By Terence Huynh / 23 August 2009 / 1 Comment

Announced yesterday, Australia is planning to share its fingerprint database of foreign criminals and asylum seekers with Canada and the United Kingdom, allowing all three countries’ relevant departments to flag migrants who try to hide away from authorities, with assurances that the data will be protected.

The agreement is also set to have the United States join at a later stage, with New Zealand considering joining in the near future via legislation. All five parties are members of the Five Country Conference, a forum on improving immigration control and border security.

Twitter, Facebook attacks targeted known Georgian blogger

By Terence Huynh / 7 August 2009 / No Comments

Today saw denial of service attacks on well-known social networking websites MySpace and Facebook, micro-blogging site Twitter and other websites, leaving as many as 30 million users worldwide without access to Twitter alone. But reports coming in say that the target was not the companies, but one user who supports the Republic of Georgia.

As of the time of writing, many users are reporting that they are still sometimes unable to access Twitter as it still tries to combat the attacks. Facebook, however, is reported to have had some success, as it is still up.

AVG claims iTunes infected with Trojan horse

By Terence Huynh / 25 July 2009 / 1 Comment

The most popular anti-virus program AVG has been causing confusion throughout the day by listing all of the iTunes files, including necessary DLL files, as being infected with a trojan horse known as “Trojan horse Small.BOG”.

This is a false detection from AVG, and there is no trojan, or risk of trojans, in iTunes. If you have quarantined the files, make sure you restore the files immediately or go to a previous system restore. If you have not done so, make sure you follow these instructions:

South Korea says attackers came from sixteen countries

By Terence Huynh / 10 July 2009 / No Comments

South Korea has said that the denial of service attacks on several websites based in the United States and South Korea came from 86 IP addresses in 16 different countries, including Japan and Guatemala, according to the AP.

The spy agency in South Korea, the National Intelligence Service (NIS), spoke briefly on the current investigation to lawmakers in the country, amid suspicions North Korea was behind the attacks. Also briefly discussed were the technical and circumstantial reasons for believing its northern, communist neighbour was behind the attack.

NIS, however, has also added that it was too early to conclude that North Korea was behind the attacks. United States investigators, however, say while they think that North Korea was a possible suspect, it would be too difficult to find the identities of the attackers.

The attacks, which happened on July 4, were able to take down several key agencies in both the United States and South Korea, and other websites based in South Korea, including a bank and an internet portal. No sensitive information was stolen; the attacks are believed to have been intended to create a nuisance and not to steal data.

US, South Korean government websites targeted in cyber attack

By Terence Huynh / 9 July 2009 / No Comments

A widespread cyber attack beginning on July 4 has knocked out several United States agencies’ websites, including those responsible for fighting cyber crime. It was also reported that, on the same day, several sites belonging to the South Korean government and other private sites were knocked offline by the same cyber attack.

Those agencies affected include the Treasury Department, the Federal Trade Commission, the Department of Transportation, the Pentagon and the Secret Service, according to officials inside and outside the government talking to the Associated Press. These attacks were timed around the Independence Day holiday.
