Thursday, January 29, 2009

Injection Attacks Continue

In my line of work I come across websites that have been hacked and had code injected into them, turning the site into a malware delivery point ready to take advantage of people who don't patch their PCs. Today it was executivehomemaker.com. Hidden inside this legitimate site is a redirect to hxxp://iwdown.com/inc/e.js, a site hosted in China.

This is just another in a long line of sites with vulnerabilities that let the bad guys take advantage of casual surfers, the folks who don't patch, who probably click on links in spam e-mails, and so on. My last search for the iwdown domain returned about 135,000 sites carrying this injection. Click here to see the search results.

Stay safe and have a fabulous weekend and ROCK CHALK JAYHAWK!

Saturday, January 24, 2009

Asprox Botnet is Back!!

The Asprox botnet has come back to life with malicious injections into legitimate websites. Click here to see the Google search on the malicious injection. The site hosting the malicious code is h!!p://www.wmpd.ru. Now let me warn you, DO NOT CLICK ON THESE LINKS!!! The websites in this search have a vulnerability that allows attackers to inject this code. They need to close that vulnerability, or they will keep getting re-infected no matter how many times they clean the injected code out.

It is a good idea to avoid these sites. If your PC, and all the software installed on it, is not fully patched, then your PC can fall victim to the injected code and end up under the attacker's control as part of their botnet.
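To make the injection concrete: in both this post and the iwdown.com one above, the attackers' foothold shows up in the page source as a script tag whose src points at a host the site owner never chose. The Python scan below is an added example, not code from this blog, that pulls every external script reference out of a page, flags hosts outside an allowlist, and also flags any script tag that appears after the closing html tag, a common tell for code appended to a page. The allowlist and the sample page are constructed for the example, and the path under www.wmpd.ru is invented.

```python
"""Scan a page's HTML for externally hosted <script src=...> tags that were
not put there by the site owner (added example, not code from this blog)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hosts this site is known to load scripts from. Assumed for the example;
# a real scan would take the allowlist from the site's own templates/build.
ALLOWED_SCRIPT_HOSTS = {"www.example-homemaker.test", "ajax.googleapis.com"}


class ScriptSrcCollector(HTMLParser):
    """Record every script src attribute, the line it sits on, and whether
    it was seen after the document's closing </html> tag."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self.html_closed = False

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            if name.lower() == "src" and value:
                self.scripts.append((value.strip(), self.getpos()[0], self.html_closed))

    def handle_endtag(self, tag):
        if tag.lower() == "html":
            self.html_closed = True


def find_injected_scripts(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS):
    """Return script references that point off-site to a host not in
    allowed_hosts, or that sit after </html> regardless of host."""
    parser = ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for src, line, after_close in parser.scripts:
        # hostname is None for relative URLs, i.e. scripts served by the site itself
        host = (urlparse(src).hostname or "").lower()
        if (host and host not in allowed_hosts) or after_close:
            findings.append({"src": src, "host": host, "line": line,
                             "after_html_close": after_close})
    return findings


# Constructed sample page: one local script, one allowed CDN script, and two
# injected tags of the kind seen in these posts (URLs defanged with hxxp).
SAMPLE_HTML = """<html><head><title>Recipes of the week</title>
<script src="/js/menu.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.2.6/jquery.min.js"></script>
</head><body>
<h1>Welcome</h1><p>This week's recipe...</p>
<script src=hxxp://iwdown.com/inc/e.js></script>
</body></html>
<script src=hxxp://www.wmpd.ru/js/inject.js></script>
"""

if __name__ == "__main__":
    for finding in find_injected_scripts(SAMPLE_HTML):
        print(finding)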

Hope everyone is having a safe weekend and I hope it is warmer where you are than here in the state of Kansas.

Monster.com/USAJobs.gov sites Compromised

I read on the Internet Storm Center's website that Monster.com and USAJobs.gov had their databases compromised. Click here to read the details from ISC. Information from these databases was stolen. USAJobs.gov's database is administered by Monster. Click here for USAJobs.gov's post detailing the information they know. Click here for Monster.com's post detailing the information they know.

So what are the dangers? Think targeted spear-phishing attacks following on the heels of this compromise. Those on Monster and USAJobs are now in the crosshairs of malicious attackers, who have real names, e-mail addresses and job details to make their lures convincing. From the press releases, login credentials were also taken, so if you are one of those who likes to use the same password for many things then, as Joel Esler states in the ISC diary posting, it might be a good time to go change that password on yourbankhere.com. We've talked about not using the same password for everything, especially financial accounts.

Friday, January 23, 2009

Heartland Payment Systems - Data Breach

This week on Tuesday, the busiest news day here in the United States, an announcement was made by Heartland Payment Systems that they had uncovered malicious software in their processing system. They ONLY process about 100 million transactions each month, so surely this isn't that big of a deal.

It is early in the investigation, but this data breach may even dethrone TJX and its 94 million cards compromised back in 2006-2007. Heartland serves more than 250,000 businesses ranging from restaurants, retailers and convenience stores (including pay-at-the-pump) to payroll systems.

According to the New York Times, the malicious code was introduced into Heartland Payment Systems' infrastructure as early as May 2008, and Heartland didn't actually take the matter seriously until late fall of 2008. They were contacted by Visa and MasterCard twice before they took it seriously. Then they chose inauguration day to make the announcement. Precious!

I would suggest that everyone monitor their credit card statements closely, and their bank accounts too if they like to use a debit card. Report any fraudulent charges immediately to your card issuer. Just a couple of weeks ago there was a report of small charges, as little as 25 cents, being run through many credit card accounts. Some theorize that someone is testing whether illegally obtained card numbers still work before making larger charges.
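The probing described in the last paragraph leaves a recognizable trace in authorization data: one merchant running many sub-dollar charges against many different cards in a short span. The Python below is an added example, not from this post, of how an issuer or processor could flag that pattern while leaving a coffee shop with lots of small legitimate charges alone. The transaction records, merchant names and thresholds are all constructed for the example.

```python
"""Flag merchants running many tiny authorizations against many different
cards in a short window, the 'card testing' pattern (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Thresholds are assumptions for the example, not industry figures.
SMALL_AMOUNT = 1.00                 # dollars
WINDOW = timedelta(hours=1)
MIN_DISTINCT_CARDS = 5


def parse_auths(text):
    """Parse 'timestamp,merchant,card_token,amount' lines into sorted tuples.
    Card tokens, not PANs: a detection feed should never carry card numbers."""
    auths = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, merchant, card, amount = line.split(",")
        auths.append((datetime.strptime(ts, "%Y-%m-%d %H:%M"), merchant, card, float(amount)))
    return sorted(auths)


def find_card_testing(auths, small_amount=SMALL_AMOUNT, window=WINDOW,
                      min_cards=MIN_DISTINCT_CARDS):
    """Return {merchant: peak number of distinct cards charged <= small_amount
    inside any single window} for merchants reaching min_cards."""
    small_by_merchant = defaultdict(list)
    for ts, merchant, card, amount in auths:
        if amount <= small_amount:
            small_by_merchant[merchant].append((ts, card))
    suspects = {}
    for merchant, events in small_by_merchant.items():   # events are time-ordered
        start, peak = 0, 0
        for end in range(len(events)):
            # advance the window start until the span is at most `window` long
            while events[end][0] - events[start][0] > window:
                start += 1
            peak = max(peak, len({card for _, card in events[start:end + 1]}))
        if peak >= min_cards:
            suspects[merchant] = peak
    return suspects


# Constructed sample: a coffee shop with a few small charges, a big-ticket
# purchase, and a merchant that tests six different cards at 25 cents each.
SAMPLE_AUTHS = """
# timestamp,merchant,card_token,amount
2009-01-20 09:02,CORNER COFFEE,card-1001,2.15
2009-01-20 09:40,CORNER COFFEE,card-1002,0.75
2009-01-20 10:05,CORNER COFFEE,card-1001,0.50
2009-01-20 11:00,BIG BOX STORE,card-2001,149.99
2009-01-20 23:10,DONATION PORTAL,card-3001,0.25
2009-01-20 23:11,DONATION PORTAL,card-3002,0.25
2009-01-20 23:11,DONATION PORTAL,card-3003,0.25
2009-01-20 23:12,DONATION PORTAL,card-3004,0.25
2009-01-20 23:14,DONATION PORTAL,card-3005,0.25
2009-01-20 23:15,DONATION PORTAL,card-3006,0.25
2009-01-21 08:30,DONATION PORTAL,card-3001,20.00
"""

if __name__ == "__main__":
    print(find_card_testing(parse_auths(SAMPLE_AUTHS)))
```

The follow-up charge of $20.00 the next morning on card-3001 is exactly the "larger charge" the theory predicts; a real system would use the flagged merchant and the set of tested cards to place those cards on watch before it lands.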

On Heartland's own special website, www.2008breach.com, they say this may be the result of a widespread global cyber fraud operation and that the US Secret Service and the US Department of Justice are involved in the investigation.

UPDATE: I do know that banks are currently contacting customers who may have had a credit or debit card compromised in this data breach.

Monday, January 19, 2009

Fake Antivirus Scenario

So you do a search in your favorite search engine, Google, Yahoo or another. You search on a topic of interest, then click a result to see whether it is what you were researching.


But when you click the link it does not take you to the site. Instead it pops up a message like the one pictured here: a scary-looking warning saying, in effect, that you have some bad stuff on your machine.

Now if you get this message, I would advise you not to click OK or Cancel. I wouldn't even click the X. The interesting thing is that the bad guy has disabled the ability to go down to the taskbar in Windows and right-click the Internet Explorer button to close it. So here is my advice for closing that browser window: bring up Task Manager (Ctrl+Alt+Del) and end the Internet Explorer process from there.

Stay safe out there and Rock Chalk Jayhawk!!!!!

Sunday, January 18, 2009

Huge Botnet Being Built by Downadup

A huge number of PCs are being compromised because they lack the patch for MS08-067. This was one of those out-of-band patches Microsoft released in the 4th quarter of 2008. Patching your Windows PC is so very important. F-Secure, a security firm, has been tracking this over the past week. I'm linking you to a story from ComputerWorld.com. Click here to read how fast this botnet is growing.

You might want to check which patches are installed on your PC. Make sure that you have MS08-067 (KB958644) installed. Run Microsoft Update to see whether you are up to date.

Hope you all are having a great weekend. Stay safe.

Thursday, January 8, 2009

Twitter Security Does Not Equal 'happiness'

If you have listened to the news lately, and you are a user of Twitter, you have heard about a phishing attack a few days ago and then, shortly after that, the account hijackings. The story goes that an employee of Twitter had a weak password, and an 18-year-old hacker ran a dictionary attack against some Twitter accounts and just happened to crack it. Once the hacker figured out whose account he had actually cracked, he realized he was able to take control of anyone's Twitter account.

So Bill O'Reilly, Britney Spears and Barack Obama, just to name a few, all had their Twitter account passwords reset and were then under the control of the bad guy. To make a long story short, the Twitter account that was hacked had a password that was a word straight out of the dictionary. It happened to be 'happiness'. Any word that can be found in a dictionary is a weak password, because a dictionary attack simply tries every one of them. So here is my lesson on creating passwords.

Steps in creating a strong password are as follows.
1) Make a passphrase that is more than 10 characters.
2) Use a combination of upper and lower case letters as well as numbers and special characters.
3) Don't use the same password for multiple accounts, especially financial accounts.

So you want examples? What about your favorite vacation spot? Say you love to travel to Rocky Mountain National Park. You could build a password from that which mixes upper- and lower-case letters and digits: iL0v3therock1es. That is a 15-character password that isn't too hard to remember. As written it has no special character, so tack a punctuation mark onto it (iL0v3therock1es! for instance) to satisfy rule 2 in full. You can use all kinds of things like this to build yourself a strong password.
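Here is a small checker, added to this post as an example and not something the original included, that applies the three rules above and also rejects a password that is a single dictionary word once common letter/digit substitutions (0 for o, 3 for e, 4 for a and so on) are undone, because cracking tools try those substitutions automatically. The word list is a constructed stand-in for a real one, and the list of previously used passwords is passed in by the caller.

```python
"""Check a candidate password against the three rules in the post plus a
dictionary test (added example, not code from the original post)."""
import string

# Tiny stand-in for a real wordlist, constructed for this example.
DICTIONARY = {"happiness", "password", "rockies", "love", "kansas", "jayhawk", "twitter"}

# Substitutions that cracking rule sets apply automatically; undoing them is
# what lets the check recognise 'H4ppiness2009!' as the word 'happiness'.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t",
                      "@": "a", "$": "s"})


def dictionary_base(pw):
    """Lower-case the password, drop leading/trailing digits and punctuation
    (the usual 'word + year + !' padding), then undo letter substitutions."""
    core = pw.lower().strip(string.digits + string.punctuation)
    return core.translate(LEET)


def check_password(pw, previously_used=()):
    """Return a list of problems; an empty list means the password passes."""
    problems = []
    if len(pw) <= 10:                                        # rule 1
        problems.append("rule 1: 10 characters or fewer")
    present = {
        "upper": any(c.isupper() for c in pw),               # rule 2
        "lower": any(c.islower() for c in pw),
        "digit": any(c.isdigit() for c in pw),
        "special": any(c in string.punctuation for c in pw),
    }
    missing = [name for name, ok in present.items() if not ok]
    if missing:
        problems.append("rule 2: missing " + ", ".join(missing))
    if dictionary_base(pw) in DICTIONARY:                    # the 'happiness' case
        problems.append("dictionary word once substitutions are undone")
    if pw in previously_used:                                # rule 3
        problems.append("rule 3: already used on another account")
    return problems


if __name__ == "__main__":
    for candidate in ("happiness", "H4ppiness2009!", "iL0v3therock1es", "iL0v3therock1es!"):
        print(candidate, "->", check_password(candidate) or "OK")
```

The strip-then-substitute order matters: stripping first removes the trailing year and punctuation before the digit-to-letter mapping can turn 2009 into 2oo9 and hide the base word. A production checker would load a full wordlist and check a breached-password set as well; this one only shows the shape of the test.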

Don't be a twit. Use strong passwords. Have a great Friday tomorrow and I'm planning on a fabulous weekend!

Monday, January 5, 2009

Phone Scamming Bastards!

I just got a call that, when I answered, was a recorded message saying something like "your warranty on your new vehicle is about to expire. Push 1 to talk to a warranty specialist, or push 2 to close your warranty out." So just for fun, I pushed 1. Then I got a real operator on the line who asked me the year and model of my car. Being a suspicious person, I said he should already know what year and model my car is because he has the file in front of him. Then total silence, and then I was disconnected.

The moral of this story is, ALWAYS be careful what you give out over the phone. I'm not really sure what type of information they were after or what they wanted to sell me, because the call was cut pretty short. It just so happens that I do have a car under warranty, so it made me a bit curious. Never give out information over the phone, especially to people claiming to be from your financial institution. If you have any doubt about the caller, hang up and call your institution back on a number you already know, such as the one printed on your card, not a number the caller gives you.

Have a great week!

Saturday, January 3, 2009

Cyber Attacks a Part of Arsenal

I'm sure you've heard about the violence between Israel and Hamas. Cyber attacks are part of the Hamas response. Websites in Israel have been attacked, starting with defacements and escalating to denial-of-service attacks and more. If you remember, last year military and cyber warfare were used together against Georgia as well. It seems this is becoming just another part of attacking your enemies: not only with military strikes, but also with cyber attacks.

Click here to read a short update from the guys and gals at the Internet Storm Center. They do a fabulous job and are a great resource to keep up with what is going on in computer security.

Rock Chalk Jayhawk! Go KU! The guys from Kansas University put it to the Volunteers of Tennessee today in Allen Field House.

Thursday, January 1, 2009

Bot Activity Blocks Me from Computer Security Page

Well, this evening I was going through stories listed on one of my favorite sites for computer security news. I keep up daily on what is going on as part of my job. Tonight I find that they have blocked me because there has been too much "bot activity" and "script kiddie activity" from my IP range. I'm in northeast Kansas near Kansas City and my service provider is Cox Communications. What does this tell me? It tells me that a lot of folks here in my area, within my IP range, have compromised PCs.

Hey folks! Read my blog and maybe you can keep yourself better protected than you are right now. Here is a picture of the screen I get. Actually pretty funny because it is animated but it ticks me off that I am blocked. Wishing people would be more responsible. Well I'm out for now. Hopefully you all had a fabulous New Year and I've got to go to work tomorrow.