software

Google search results serve up malware - I’ve had the crime of my life

Well, that may not be news to you. However, there is a recent trend in malware propagation that uses Google as the portal to deliver payloads to visitors. Unsuspecting users go to Google and search for topics such as Patrick Swayze’s death or the controversy about Serena Williams cursing at the line judge in her recent US Open tennis match. When a user selects one of the Google search results and visits the page, malware is downloaded to the client computer since the referrer is Google. However, if someone were to just visit the page on their own or through another search engine, the website does not serve up malicious software.

For more information see this Register.com article Swayze death exploited to serve up fake anti-virus - I’ve had the crime of my life. Seems like malware is bombarding us from all directions now. You can’t even trust ads on the NY Times these days.

Thanks for reading & let’s continue to be good network citizens!

Would you click if it showed on the NY Times website? - Really would you?

Yesterday Fierce CIO reported that New York Times falls victim to rogue ad. This is a trend that seems to be happening more frequently. Rogue malware ads are appearing in a lot of places these days in areas most people would trust as authoritative and reliable sources of information. It is unknown how much the rogue malware “seller” may have gotten by putting the ad on the NY Times website but they likely made something from unsuspecting users. The NY Times did suffer some amount of loss since they disabled all third party ads until the rogue ad was removed. What would you do if an ad popped up on a trusted website saying your computer was infected? Most IT professionals would disregard the message as their systems SHOULD already be protected. However, how much of the general population is not an IT professional (at least outside of their own home )?

What can and should the security industry do to educate users about these social engineering tactics? Should computers be “licensed” or “permitted” to be on the internet to reduce threats to unsuspecting users? That’s a thought for you… what governing body would issue these computer use permits? What would the rate infrastructure be like - based on processor/memory or bandwidth? Where would the permit fees go? Would there be some internet oversight body that uses the fees to have inline malware filters?

Thinking out loud here folks - offer some suggestions. Your input is welcome and appreciated.

Thanks for reading and let’s continue to be good network citizens!

=========================

20090918 Update:

E-Week reports that there is a surge in click fraud. According to the article this is similar to the NY Times advertisement malware threat discussed above. I fear this trend will only get worse. What is a legitimate advertiser or web services organization to do?

Security news - Videos from Hack In The Box 2008 Malaysia available for download

The videos from HITBSecConf2008 - Malaysia are now available for download!

Day 1

=====

http://thepiratebay.org/torrent/4654588/HITBSecConf2008_-_Malaysia_Videos___Day_1

Keynote Address 1: The Art of Click-Jacking - Jeremiah Grossman Keynote Address 2: Cyberwar is Bullshit - Marcus Ranum

Presentations:

- Delivering Identity Management 2.0 by Leveraging OPSS

- Bluepilling the Xen Hypervisor

- Pass the Hash Toolkit for Windows

- Internet Explorer 8 - Trustworthy Engineering and Browsing

- Full Process Reconsitution from Memory

- Hacking Internet Kiosks

- Analysis and Visualization of Common Packers

- A Fox in the Hen House - UPnP IGD

- MoocherHunting

- Browser Exploits: A New Model for Browser Security

- Time for a Free Hardware Foundation?

- Mac OS Xploitation

- Hacking a Bird in The Sky 2.0

- How the Leopard Hides His Spots - OS X Anti-Forensics Techniques

Day 2

=====

http://thepiratebay.org/torrent/4654974/HITBSecConf2008_-_Malaysia_Videos___Day_2

Keynote Address 3: Dissolving an Industry as a Hobby - THE PIRATE BAY

Presentations:

- Pushing the Camel Through the Eye of a Needle

- An Effective Methodology to Enable Security Evaluation at RTL Level

- Remote Code Execution Through Intel CPU Bugs

- Next Generation Reverse Shell

- Build Your Own Password Cracker with a Disassembler and VM Magic

- Decompilers and Beyond

- Cracking into Embedded Devices and Beyond!

- Client-side Security

- Top 10 Web 2.0 Attacks

===

On a related note, the registration for HITBSecConf2009 - Dubai (20th - 23rd April) is now open!

http://conference.hitb.org/hitbsecconf2009dubai/

The Call for Papers (CFP) for HITBSecConf2009 - Malaysia (October 5th -

8th) will open in March 2009.