Global Cyber News Bits, July 22, 2009 from CommunityDNS.

22Jul09

Provided by CommunityDNS, the information in this post consists of news items in the security-based Internet community.

Open-source firmware vulnerability exposes wireless routers

A vulnerability in open-source firmware used in over 200 different models manufactured by Linksys, Netgear and other manufacturers yields root access by simply luring an unsuspecting user to a malicious site. Upon landing on a malicious site the wireless router is now under a hacker’s control. Wireless routers and other embedded systems running the DD-WRT firmware are subject to the vulnerability.

Click here for more information.

Report finds government vulnerable to cyber attacks

After interviewing 18 federal agencies, along with experts inside and outside of government, the US is at risk of not being able to fight off attacks against the nation’s computer networks, according to the report titled, “Cyber IN-Security”. Success can only be achieved by strengthening the government’s cyber-security workforce.

The four major challenges are:

• An inadequate supply of potential new information technology experts.

• Uncoordinated leadership of cyber-security workers.

• A cumbersome hiring process that discourages people from seeking government jobs and providing a career path.

• Hiring managers and human resource specialists who disagree on the quality of IT candidates.

Click here for more information.

America’s 10 most wanted botnets

Botnet attacks are increasing by cybergangs. Below are the top 10 most wanted botnets, based upon botnet size and activity within the US.

1. 1). Zeus with 3.6 million US compromised computers. The Zues Trojan uses key-logging techniques to steal user data.
2. Koobface with 2.9 million US compromised computers. Spread via social networking sites users are asked to click a link which downloads malware and takes control of computer.
3. TidServ with 1.5 million US compromised computers. The downloader Trojan spreads through spam e-mail as an attachment.
4. Trojan.Fakavalert with 1.4 million US compromised computers. Previously used for spamming this botnet has shifted to downloading other malware. Main focus is on rogue antivirus software.
5. TR/Dldr.Agent.JKH with 1.2 million US compromised computers. This Trojan posts encrypted data back to it comman-and-control domains and receives instructions. Typically used as a clickbot that generates ad revenue for the botmaster.
6. Monkif with 520,000 US compromised computers. The current focus is on downloading an adware browser helper object.
7. Hamweq with 480,000 US compromised computers. This backdoor worm automatically copies itself on any removable drive and executes anytime the removable drives are accessed. Used to execute commands on and receive information from the compromised system.
8. Swizzor with 370,000 US compromised computers. Trojan that can download and launch files from the Internet from a victim’s computer without the user’s knowledge. Focus is to install adware program and other Trojans.
9. Gammima with 230,000 US compromised computers. Focus is on stealing online game logins and account information.
10. Conficker with 210,000 US compromised computers. The downloader worm has spread less in the US and more around the globe. Has been used to sell fake antivirus software, however industry watchers fear emergence of a more dangerous purpose.

Click here for more information.

Chinese firms behind ‘Sexy Space’ Trojan

Three Chinese-based companies were recently identified as creators of the Sexy Space Trojan that spread onto the Symbian-based smartphone platform. Being the first text message worm, recipients would receive an SMS text message with a link to a malicious site. Once the malware was installed on the phone similar text messages would be sent to all contacts stored in the phone. The Symbian platform is used in just under 50% of all smartphones.

Click here for more information.

Twitter, Facebook urged to improve security

Web 2.0 companies are focused on growing their user base, possibly at the expense of defending their customers from Internet risks, as found in a recently released report.

The organization which produced the report also mentions more than 22.5 million samples of malware have been catalogued with 40,000 new suspicious files being examined every day. A web page becomes infected once every 3.6 seconds; four times faster than the first half of 2008. Last year 50% of all web-based malware came from China. Today China has dropped t 14.7% while the US dishonorably takes the top spot of 39.6%

Click here for more information.

Filed under: Anycast, BHO, Bot, Botnet, Browser Helper Object, China, Community DNS, CommunityDNS, Conficker, Cyber defense, Cybercrime, Cybergang, Cybersecurity, DNS, Downadup, Facebook, Frethog, Gamania, Gamina, Gammima, Hamweq, Hijacking, IRCBrute, IT, Koobface, Krap, malware, Mobile Spam, Monkif, Phishing, RootKit, Security, Sexy Space, SMS, Spam, Swizzor, TidServ, TR/Dldr.Agent.JKH, Trojan.Fakavalert, Twitter, U.S., US Government, USB, Vaklik, Virus, Worm, Zeus   |  Leave a Comment
Tags: Anycast, BHO, Bot, Botnet, Browser Helper Object, Business Continuity, Business resilience, China, CommunityDNS, Conficker, Cyber Attacks, Cyber Terrorism, Cyber Warfare, Cybercrime, Cyberwar, DD-WRT, DDoS, DNS, DNS Resolution, DoS, Downadup, Facebook, Frethog, Gamania, Gamina, Gammima, Global resolution, Hamweq, Internet, IRCBrute, ISP, Koobface, Krap, malware, Monkif, Resolution Service, Rootkit USB, Security, Sexy Space, Smartphone, SMS, Swizzor, Symbian, TidServ, TR/Dldr.Agent.JKH, Trojan, Trojan.Fakavalert, Twitter, US Government, Vaklik, Wireless Router, Worm, Zeus