Malware for Sale
Hackers with a few thousand bucks to spare have been splurging on a new toolkit that targets Java, according to one security researcher. "Java exploits are most effective when included in exploit packs since they can turn any hacked website into a particularly dangerous place for end users," said Bill Morrow of Quarri Technologies.
Nov 29, 2011 5:00 AM PT
The holiday shopping season is in full swing, even for malicious hackers.
On the other side of the security line, Twitter is buying up Android security solution provider Whisper Systems.
That may be a timely move, as security experts have warned that the Android platform is ripe for a malware deluge. WebSense Security Labs, for example, predicts that more than 1,000 different attacks will hit mobile devices in 2012.
Meanwhile, four suspected hackers arrested in Manila for targeting PBX systems maintained by AT&T reportedly have ties to a terrorist group.
Finally, fears that terrorists were involved in another attack in the United States -- specifically targeting a pump at a small water utility in Springfield, Ill., two weeks ago -- have apparently proven unfounded.
The Bitter Aftertaste of Java
The Java exploit mentioned by Krebs attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier, the researcher said.
Java 6 Update 29 and Java 7 Update 1 are patched against this and 19 other security updates, Krebs stated.
The hacker principally responsible for maintaining and selling the Black Hole exploit kit apparently told Krebs the new exploit is being offered free to existing licensees of the kit. It costs US$4,000 for anyone else.
The Black Hole exploit kit can drop any of a number of payloads onto a victim's PC. It's used extensively by cybercriminals.
"Java exploits are most effective when included in exploit packs since they can turn any hacked website into a particularly dangerous place for end users," Bill Morrow, executive chairman of Quarri Technologies, told TechNewsWorld.
Tweeting in Safety
Twitter is purchasing Whisper Systems, the latter announced recently.
Further, security experts are warning that mobile malware in general is on the rise.
"Malware in smartphones is a catastrophe just waiting to happen," Jakob Ehrensvard, chief technology officer at Yubico, told TechNewsWorld.
Because apps invoked intentionally by the user have full access to various features and functions, "the problem is very difficult to effectively protect against," Ehrensvard pointed out.
Smartphone owners should use a password to protect access to the device, suggested Alex Horan, Core Security senior product manager.
"That might feel inconvenient, but it won't be as inconvenient as losing all of your personal information to a complete stranger," Horan told TechNewsWorld.
The Thrilla in Manila
Manila police have arrested four people suspected of hacking into corporate PBXs run by AT&T and selling off the lines to call centers, netting $2 million over two years.
"This is one of the first times that terrorists have been directly linked to hackers, and it is of great concern," Phil Lieberman, CEO of Lieberman Software, told TechNewsWorld.
The Great Springfield SCADA Scare
When the SCADA -- supervisory control and data acquisition -- system at a small water utility in Springfield, Ill., was apparently reconfigured by a hacker recently, causing a pump to break down, it sparked fears of terrorism and led to an investigation by the FBI and the Department of Homeland Security.
On Monday, ICS-CERT, the Industrial Control Systems Cyber Emergency Response Team, dismissed the terrorism fears.
There was no evidence of malicious activity, and the investigation into what caused the pump to fail is still going on, ICS-CERT said.
Perhaps new IP geo-location technology introduced into its ReD Shield product by payment processing and fraud prevention firm ReD might help track down cybercriminals.
The technology now can track fraud threats using IP identification and geo-location information.
ReD Shield can determine the true physical location of an end user's server and also detect if the end user is preventing detection of its actual IP address, Erika Gallo, risk services director at ReD, told TechNewsWorld.