Monday, July 06, 2009

Microsoft: Attacks on Unpatched Windows Flaw

Brian Krebs writes on Security Fix:

Microsoft warned today that hackers are targeting a previously unknown security hole in Windows XP and Windows Server 2003 systems to break into vulnerable PCs. Today's advisory includes instructions on how to mitigate the threat from this flaw.

In a security alert posted today, Microsoft said the vulnerability could be used to install viruses or other software on a victim's PC if the user merely browsed a hacked or booby trapped Web site designed to exploit the security hole. Redmond says at this time it is aware of "limited, active attacks that exploit this vulnerability."

Microsoft doesn't define "limited, active" attacks in the context of this vulnerability, but the SANS Internet Storm Center is reporting that thousands of newly compromised Web sites have been seeded with code that exploits this vulnerability. SANS also says instructions for exploiting the vulnerability have been posted to a number of Chinese Web sites.

More here.

FBI: Russian Programmer Stole Stock-Trading Secret Code

Kim Zetter writes on Threat Level:

A computer programmer working for Goldman Sachs was arrested last week on charges that he stole proprietary source code for software his employer uses to make sophisticated, high-speed, high-volume stock and commodities trades.

Sergey Aleynikov, who earned nearly $400,000 a year in his job, allegedly stole 32 megabytes of data over four days in June and transferred it to a website hosted in Germany before trying to erase his tracks from Goldman Sachs' network. He neglected to take into account, however, that the company kept a backup record of its command logs. On at least two occasions, he transferred the data remotely while logged into his company's network from his home computer.

Aleynikov, a naturalized U.S. citizen from Russia, was arrested on July 3 at the Newark Airport in New Jersey as he exited a flight and is being held on charges related to theft of trade secrets until he posts $750,000 in bond, pays $75,000 in cash and surrenders his travel documents.

Although the complaint against him [.pdf] doesn’t name the financial institution he worked for, news outlets, and a source familiar with the case, say Aleynikov worked for Goldman Sachs.

Aleynikov allegedly stole the code in the last days before he left Goldman Sachs on June 5 to take a job with a new, unnamed firm in the high-volume trade industry that promised to pay him three times the salary he’d been earning.

More here.

In Passing: Robert McNamara


Robert McNamara
June 9, 1916 – July 6, 2009

Sunday, July 05, 2009

Forbes 2009 Top Pick for Affordable City For U.S. Families: San Jose, California


Via Forbes.com.


If you've scaled back your summer vacation and swapped dining out for eating in, you're not alone. Americans everywhere are sweating their daily expenses.

It's likely New Yorkers are cinching their belts. That's because New York is the least-affordable metro in the nation for families, according to our calculations. Families in the Big Apple struggle to keep their budgets balanced and likely worry about paying for expenses like food, health care and housing more than residents of virtually any other major city in the country.

Though New Yorkers' earnings are high compared with the rest of the country--their median income is the eighth-highest of our survey of the country's 40 largest cities--the cost of a family's most basic living expenses is nearly as high, accounting for a whopping 93% of annual pay.

If the typical family throws in an occasional trip to the movie theater, music lessons for the kids or membership at a club or gym, they will soon find themselves in the red. Folks in cities with more money leftover will have an easier time providing for their families. Education costs were not available and were not factored into our ranking.

Another notoriously high-rent city, San Jose, Calif., falls at the other end of the spectrum, emerging as the country's most affordable major city.

More here.

Saturday, July 04, 2009

In Passing: Steve McNair


Steve McNair
February 14, 1973 - July 4, 2009

Independence Day 2009: Born in The USA



Happy Birthday, USA.

- ferg

Independence Day 2009 - Lest We Forget


You Are Not Forgotten.



Happy 233rd Birthday, USA.

- ferg

Friday, July 03, 2009

U.S. Toll In Iraq, Afghanistan


Iraq and Afghanistan statistics via The Boston Globe (AP).

As of Friday, July 3, 2009, at least 4,322 members of the U.S. military had died in the Iraq war since it began in March 2003, according to an Associated Press count.

The figure includes nine military civilians killed in action. At least 3,456 military personnel died as a result of hostile action, according to the military's numbers.

The AP count is one more than the Defense Department's tally, last updated Thursday at 10 a.m. EDT.

As of Friday, July 3, 2009, at least 642 members of the U.S. military had died in Afghanistan, Pakistan and Uzbekistan as a result of the U.S. invasion of Afghanistan in late 2001, according to the Defense Department. The department last updated its figures Thursday at 10 a.m. EDT.

Of those, the military reports 475 were killed by hostile action.

More here and here.

And as always, the Iraq Coalition Casualty Count keeps the grim watch on their website here.

Honor the Fallen.

EyeWonder Malware Incident Affects Popular Web Sites

Dancho Danchev writes on the ZDNet "Zero day" Blog:

During the last couple of hours, visitors of popular and high trafficked web sites such as CNN, BBC, Washington Post, Gamespot, WorldOfWarcraft, Mashable, Chow.com, ITpro.co.uk, AndroidCommunity; Engadget and Chip.de, started reporting that parts of the web sites are unreachable due to malware warnings appearing through the EyeWonder interactive digital advertising provider.

Let’s assess the butterfly effect of a single malware incident affecting an ad network whose ads get syndicated across the entire Web.

What originally started as "we have been mistakenly flagged as malware" briefly turned into an "appears the EW.com domain was potentially maliciously 'hacked' causing these errant and erroneous alerts to appear" malware incident.

Is the EyeWonder attack a typical malvertising campaign where malicious content is pushed on legitimate sites through the ad network, or did their web site actually get compromised in the ongoing Cold Fusion web sites compromise attack?

Sadly, it could be an indication of both, since I managed to reproduce the actual exploit serving attack at the Washington Post, using the exact link given by an affected reader within the comments of the article. However, what might have triggered the actual badware alert appears to be a compromise of the site itself.

More here.

Thursday, July 02, 2009

NSA to Build Huge Facility in Utah (Utah?)

Via The Salt Lake City Tribune.

Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.

The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure. The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 200-acre site near the Utah National Guard facility's runway.

Congressional records show that initial construction -- which may begin this year -- will include tens of millions in electrical work and utility construction, a $9.3 million vehicle inspection facility, and $6.8 million in perimeter security fencing. The budget also allots $6.5 million for the relocation of an existing access road, communications building and training area.

More here.

Hat-tip: CIA Examiner

Cyber Security Plan to Involve NSA, Telecoms

Ellen Nakashima writes in The Washington Post:

The Obama administration will proceed with a Bush-era plan to use National Security Agency assistance in screening government computer traffic on private-sector networks, with AT&T as the likely test site, according to three current and former government officials.

President Obama said in May that government efforts to protect computer systems from attack would not involve "monitoring private-sector networks or Internet traffic," and Department of Homeland Security officials say the new program will scrutinize only data going to or from government systems.

But the program has provoked debate within DHS, the officials said, because of uncertainty about whether private data can be shielded from unauthorized scrutiny, how much of a role NSA should play and whether the agency's involvement in warrantless wiretapping during George W. Bush's presidency would draw controversy. Each time a private citizen visited a "dot-gov" Web site or sent an e-mail to a civilian government employee, that action would be screened for potential harm to the network.

More here.

ZeuS: PC Invader Costs Kentucky County $415,000

Brian Krebs writes on Security Fix:

Cyber criminals based in Ukraine stole $415,000 from the coffers of Bullitt County, Kentucky this week. The crooks were aided by more than two dozen co-conspirators in the United States, as well as a strain of malicious software capable of defeating online security measures put in place by many banks.

Bullitt County Attorney Walt Sholar said the trouble began on June 22, when someone started making unauthorized wire transfers of $10,000 or less from the county's payroll to accounts belonging to at least 25 individuals around the country (some individuals received multiple payments). On June 29, the county's bank realized something was wrong, and began requesting that the banks receiving those transfers start reversing them, Sholar said.

"Our bank told us they would know by Thursday how many of those transactions would be able to be reversed," Sholar said. "They told us they thought we would get some of the money back, they just weren't sure how much."

Sholar said the unauthorized transfers appear to have been driven by "some kind of computer virus." Security Fix has been communicating with a cyber crime investigator who is familiar with the case. What follows is a description of the malicious software used, a blow-by-blow account of how the attackers worked the heist, as well as interviews with a couple of women hired to receive the stolen funds and forward the money on to fraudsters in Ukraine. This case also serves as an example of how e-mail scams can be used to dupe unknowing victims into serving as accomplices in their plan.

According to my source, who asked not to be identified because he's still investigating different sides of this case, the criminals stole the money using a custom variant of a keystroke logging Trojan known as "Zeus" (a.k.a. "Zbot") that included two new features. The first is that stolen credentials are sent immediately via instant message to the attackers. But the second, more interesting feature of this malware, the investigator said, is that it creates a direct connection between the infected Microsoft Windows system and the attackers, allowing the bad guys to log in to the victim's bank account using the victim's own Internet connection.

More here.

Retrospect: John Mellencamp - Cherry Bomb




Go figure.

- ferg

Retrospect: John Mellencamp - Small Town



Yeah, me too.

- ferg

Retrospect: Springsteen: The River



It haunts me.

Retrospect: Springsteen: She's The One



No reason to stop now. Rock it.

- ferg

Retrospect: Springsteen: Human Touch



Enjoy.

- ferg

Retrospect: All American - Tunnel of Love



All American Music.

- ferg

Retrospect: Man in The Mirror



You gotta admit, the man was ultra-talented.

- ferg

Wednesday, July 01, 2009

Mark Fiore: Square Wheel Roll



More Mark Fiore brilliance.

Via The San Francisco Chronicle.

Enjoy.

- ferg

FTC Opens All Out Assault on Economic Cyber-Scammers

Michael Cooney writes on NetworkWorld:

The Federal Trade Commission today announced a wide-ranging attack on cyber-vultures looking to feast on the current moribund economic situation.

Dubbed “Operation Short Change,” the law enforcement sweep announced today includes 15 FTC cases, 44 law enforcement actions by the Department of Justice, and actions by at least 13 states against those looking to bilk consumers through a variety of schemes, such as promising non-existent jobs; promoting overhyped get-rich-quick plans, bogus government grants, and phony debt-reduction services; or putting unauthorized charges on consumers’ credit or debit cards.

“Thousands of people have been swindled out of millions of dollars by scammers who are exploiting the economic downturn,” said David Vladeck, Director of the FTC’s Bureau of Consumer Protection during a press conference today. “Their scams may promise job placement, access to free government grant money, or the chance to work at home. In fact, the scams have one thing in common--they raise people’s hopes and then drive them deeper into a hole.”

At the heart of Operation Short Change are new FTC cases against companies the agency says have conned consumers out of millions of dollars. In each case, the FTC alleged that the defendants' practices were deceptive or unfair and/or made illegal electronic funds transfers or violated the Telemarketing Sales Rule.

More here.

Kremlin May 'Tighten Up' Internet Use in Russia

Luke Harding writes on The Guardian:

Russia is not China. And so far there has been no attempt by the Kremlin to crack down on the web, which is the last remaining source of free information for ordinary Russians in an otherwise controlled media landscape.

The authorities keep an iron grip on television, ensure that most newspapers toe a pro-government line, and keep critics off the airwaves.

Recently, however, there are signs that the Russian government is reconsidering its laissez-faire attitude towards the internet, especially in the wake of Iran's web-driven "green revolution".

Several Russian bloggers who have posted critical articles have found themselves charged with extremism. One is in jail. Another was arrested after comparing Russia's prime minister Vladimir Putin to a penis.

The Kremlin also uses other darker strategies for getting its PR message out, employing dozens of young, patriotic bloggers to flood chatrooms with a pro-Kremlin message, and to attack its enemies.

More here.

UK: Conficker Left Manchester Unable to Issue Traffic Tickets

John Leyden writes on The Register:

Manchester City Council was prevented from issuing hundreds of motoring penalty notices in time after the infamous Conficker worm knocked out parts of its IT systems.

Drivers caught on camera driving in bus lanes escaped punishment after the town hall fine processing system was taken offline in February, following infection by the infamous worm. Failure to issue 1,609 tickets within the statutory limit of 28 days left the city £43,000 out of pocket.

Clean up costs and consultancy fees were a far more significant cost, resulting in costs estimated at £600k. In addition, council IT chiefs spent a further £600k on Wyse thin client terminals as part of an enhanced backup strategy.

Town hall chiefs also spent a further £169,000 on extra staff needed to handle a backlog of benefits claims. Compensation payments to benefit claimants piled on the financial pain.

In total the incident cost the council an estimated £1.5m, the Manchester Evening News reports. Infection by the worm left council workers unable to send emails or print documents, and struggling with extra red tape after they were obliged to keep additional back-up paper records in case data was lost.

More here.

INTERPOL and FIRST Join Hands to Fight Cyber Crime

Via FIRST.org.

INTERPOL today became the latest and biggest law enforcer to join FIRST, the Forum of Incident Response and Security Teams, in the battle against cyber crime.

The global police network's membership of FIRST was announced at the Forum's 21st annual conference in Kyoto.

Noboru Nakatani, INTERPOL's Director of Information Systems and Technology, hailed the move as "one of the most important bridges we've ever built" bringing the chance at last to close a gap between forensic techniques through which criminals have been able to escape justice.

While computer emergency response teams almost always try to disable attacks immediately, without waiting to trace aggressors who can then move on to fresh targets, police forces have preferred to watch crimes develop, hoping to pick up a trail that will lead to detection and a successful prosecution.

But, said Derrick Scholl, chairman of the FIRST steering committee, the problem of that approach is that "probably in no other area of criminal activity is it so easy to lay a false trail."

More here.

SCADA Watch: Texas Security Guard Arrested on Federal Charges for Hacking into Hospital's Computer System

Via FBI.gov.

A man from Arlington, Texas, who worked as a contract security guard at the Carrell Clinic on North Central Expressway in Dallas, has been arrested on felony charges outlined in a criminal complaint, announced Acting U.S. Attorney James T. Jacks of the Northern District of Texas.

Late Friday evening, agents with the FBI arrested Jesse William McGraw, a/k/a "GhostExodus," "PhantomExodizzmo," "Howard Daniel Bertin," "Howard William McGraw," and "Howard Rogers," age 25. McGraw appeared yesterday afternoon before U.S. Magistrate Judge Wm. F. Sanderson, Jr., for his initial appearance. He was detained until his probable cause and detention hearing set for Wednesday, July 1, 2009, at 2:30 p.m., before Judge Sanderson.

According to the affidavit filed in support of the criminal complaint, McGraw is the leader of the hacker group, "Electronik Tribulation Army." He was employed as a security guard for United Protection Services, in Dallas, and worked the night shift, from 11:00 p.m. to 7:00 a.m. at the Carrell Clinic hospital.

The affidavit alleges that between April and June 2009, McGraw committed computer intrusions of several computers in the Carrell Clinic hospital building, including computers controlling the Heating, Ventilation and Air Conditioning (HVAC) system and computers containing confidential patient information. The HVAC system intrusion presented a health and safety risk to patients who could be adversely affected by the cooling if it were turned off during Texas summer weather conditions. In addition, the hospital maintained drugs which could be adversely affected by the lack of proper cooling. McGraw, who used the online nickname "GhostExodus," posted pictures on the Internet of the compromised HVAC system and videos of himself compromising a computer system in a hospital.

More here.

In Passing: Karl Malden


Karl Malden
March 22, 1912 – July 1, 2009