Tuesday, December 02, 2008
More humorous news from the "Chinese invades the US Infrastructure"
front. I don't know about anyone else, but imagine me stating: "I saw
Tom Jones steal my car but I can't be sure it was Tom Jones... Or even
my car", would you say I was insane? I know if I read that, I would
think the writer suffered from multiple personality disorder. I'd think
the writer would have deep rooted psychological issues and a vividly
UNCLEAR grasp of reality. So today's quote:
"This wasn't the first such cyberattack, and officials said that
earlier incarnations of the virus had exported information such as
convoy and troop movements here. It was not clear precisely what
information, if any, was being pulled from Department of Defense
computers by this latest virus, they said. [1]"
Wait a minute... Did they or didn't they, are you sure or unsure. Was it
China or was it the Easter Bunny? Surprisingly, news agencies are all
over the place with this entire fiasco. Here we have the press stating
"Chinese Moo Goo Gai Pan Hackers are pwning the US Government!" while in
the same breathe they're saying: "Russian Vodka Drinking Hackers are
pwning the US Government!"
A Defense Department source said that the attack was significant and
got everyone's attention. It is not clear if the malware was created
by an individual hacker or whether the Russian government may have
had some involvement. [2]
The problem with news regarding breaches in the US Government is, it
emphasizes the fact that - the US Government really has no clue as to
who is attacking and or compromising their networks. At this point
whoever seems to be an enemy shall be labeled so irrespective of any
valid proof. Iraq + Yellow cake anyone? All is generally speculation at
this point. On the one hand we have them stating: "Tom Jones stole the
car, but we can neither confirm that Tom Jones stole the car!" In a
court of law wouldn't this be double jeopardy?
TV network CBS has become the latest big name to have it website used to host malware, a security company has reported.
It appears that Russian malware distributors were able to launch another iFrame attack on a sub-domain of the cbs.com site so that it was serving remote malware to any visitors. A user's vulnerability to the malware attack launched by the site hack would depend on a number of factors, including the type of security used on a PC, the operating system, and possibly the browser version.
"This saga confirms our many previous warnings that obfuscated code posing a serious threat to Internet users' PCs, said Finjan CTO, Yuval Ben-Itzhak, who has devoted a fair amount of time in recent months to finding these hacks.
"Our Threats Reports have continued to identify the increasing use of code obfuscation as a means of bypassing traditional signature-based solutions in order to propagate malware," Ben-Itzak continued, taking a pop at the anti-virus products against which his company in part competes.
"It also highlights the fact that no web portal, no matter how high ranking, can be totally secure against a system hack and consequent infection of its visitors. Web users need to exercise caution at all times," he said.
Finjan has it had informed CBS of the issue, but that the Russian exploit server had in any case been taken offline, neutering the attack for the time being.
iFrame and SQL injection attacks on big-name websites have been one of the fashionable attacks of 2008, embarrassing a string of household names.