Syber Group

“TDL-4” Botnet Is Practically Indestructible

July 7, 2011
Filed under Computing

A new and improved botnet that has infected more than four million computers is “practically indestructible,” software security experts say.

“TDL-4,” the name for both the bot Trojan that infects PCs and the ensuing collection of compromised computers, is “the most sophisticated threat today,” said Kaspersky Labs researcher Sergey Golovanov in a detailed analysis Monday.

“[TDL-4] is practically indestructible,” Golovanov said, and others agree.

“I wouldn’t say it’s perfectly indestructible, but it is pretty much indestructible,” said Joe Stewart, director of malware research at Dell SecureWorks and an internationally-known botnet expert, in an interview today. “It does a very good job of maintaining itself.”

Golovanov and Stewart based their assessments on a variety of TDL-4’s traits, all of which make it an extremely tough character to detect, delete, suppress or eradicate.

Because TDL-4 installs its rootkit on the Master Boot Record (MBR), it is invisible to both the operating system and, more importantly, security software designed to sniff out malicious code.

Further, what makes the botnet indestructible is the combination of its advanced encryption and the use of a public peer-to-peer (P2P) network for the instructions issued to the malware by command-and-control (C&C) servers.

“The way peer-to-peer is used for TDL-4 will make it extremely hard to take down this botnet,” said Roel Schouwenberg, senior malware researcher at Kaspersky. “The TDL guys are doing their utmost not to become the next gang to lose their botnet.”


Apple Website Is Ripe For Hacking

July 4, 2011
Filed under Around The Net

According to the ethical hacking group YGN, Apple’s website for developers is virtually wide open and gives hackers the opportunity to introduce malware such as phishing attacks to gain access to subscribers’ vital personal information.

One group known as Networkworld identified three holes on Apple’s website: arbitrary URL redirects, cross-site scripting and HTTP response splitting. These holes could allow hackers to arbitrarily redirect users to other websites and make phishing attacks against developers’ login credentials more successful.


Chinese Government Questioned About Cyber-attack

June 18, 2011
Filed under Around The Net

The U.S. State Department questioned the Chinese government regarding an attack that had temporarily shut down the website Change.org after the site hosted a petition urging Chinese authorities to release artist Ai Weiwei from custody.

U.S. deputy assistant secretary Daniel Baer raised concerns about the attack in April with China’s foreign ministry, according to an official letter sent from the State Department to U.S. Rep. Rosa DeLauro (D-Conn.). Change.org obtained a copy of the letter and released it Tuesday.

The nature of those talks is still somewhat vague. The U.S. Embassy in Beijing said it had no current information on the matter and deferred to the State Department. China’s foreign ministry has yet to respond to a request for comment.

Change.org, an online petitioning platform, was the victim of a distributed denial of service (DDoS) attack originating from China on April 17. The attacks nearly brought down the site for days.

DDoS attacks can do this by using hundreds or thousands of hacked computers to drive traffic to a website. The data will become so overwhelming that the site will become inaccessible to users.

Change.org said the DDoS attacks from China continue to bring down the site intermittently. The FBI is investigating the case, said Benjamin Joffe-Walt, an editor with Change.org.


Apple Admits To Security Issues

May 28, 2011
Filed under Computing

Apple has finally acknowledged the MacDefender fake security software and has promised an update for Mac OS X that will find and remove it, and warn uninfected users when they download the infectious program.

The announcement — part of a new support document that the company posted late Tuesday — was the company’s first public recognition of the threat posed by what security experts call “scareware” or “rogueware.”

Apple has taken criticism for not publicly responding to the MacDefender threat.

“In the coming days, Apple will deliver a Mac OS X software update that will automatically find and remove Mac Defender malware and its known variants,” Apple said in the document. “The update will also help protect users by providing an explicit warning if they download this malware.”

Apple also outlined steps that users with infected Macs can take to remove the scareware.

Andrew Storms, director of security operations with nCircle Security, was surprised that Apple said it would embed a malware cleaning tool in Mac OS X.


Microsoft Delivers Massive Security Updates

April 13, 2011
Filed under Computing

Microsoft today patched a whopping 64 vulnerabilities in Windows, Office, Internet Explorer (IE), and other software, including 30 bugs in the Windows kernel device driver and one in IE that was exploited at the Pwn2Own hacking contest last month.

The company also delivered a long-discussed “backport” to Office 2003 and Office 2007 that brings one of the newer security features in Office 2010 to the older editions.

The 17 updates, which Microsoft dubs “bulletins,” tied a record set late last year, but easily beat the October 2010 mark for the total number of flaws they fixed. Altogether, today’s updates patched 64 vulnerabilities, 15 more than in October and 24 more than in the former second-place collection of December 2010.

Nine of the 17 bulletins were pegged “critical,” Microsoft’s highest threat ranking, while the remainder were marked “important,” the next-most-serious label.

Microsoft and virtually every security expert pegged several updates that users should download and install immediately.

“There are three we think are top priorities,” said Jerry Bryant, group manager with the Microsoft Security Response Center (MSRC), in an interview earlier today. Bryant tagged MS11-018, MS11-019 and MS11-020 as the ASAP updates.


Hackers Go After WordPress

March 6, 2011
Filed under Around The Net

We found out that bloggers using the WordPress platform were shut down by a DDoS attack yesterday that apparently affected many blog sites.

The DDoS hostilities began in the morning and lasted for a couple of hours. The attack was estimated at “multiple Gigabits per second and tens of millions of packets per second,” according to sources, and WordPress is working with its providers to prevent such acts from ever taking place again. The attack unfortunately hit three main data centers, in Chicago, Dallas and San Antonio, though the attack is over. The good news is that the site is back up. However, sources say that while the attack was in progress it was one of the “largest” the organization has ever seen.
