Malware for Sale

The holiday shopping season is in full swing, even for malicious hackers.

Cybercriminals are lining up to lay hands on a new exploit that takes advantage of a recently patched critical security flaw in Java, security researcher Brian Krebs warned recently.

On the other side of the security line, Twitter is buying up Android security solution provider Whisper Systems.

That may be a timely move, as security experts have warned that the Android platform is ripe for a malware deluge. WebSense Security Labs, for example, predicts that more than 1,000 different attacks will hit mobile devices in 2012.

Meanwhile, four suspected hackers arrested in Manila for targeting PBX systems maintained by AT&T reportedly have ties to a terrorist group.

Finally, fears that terrorists were involved in another attack in the United States — specifically targeting a pump at a small water utility in Springfield, Ill., two weeks ago — have apparently proven unfounded.

The Bitter Aftertaste of Java

The Java exploit mentioned by Krebs attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier, the researcher said.

Java 6 Update 29 and Java 7 Update 1 include the patch for this flaw and 19 other security updates, Krebs stated.

The hacker principally responsible for maintaining and selling the Black Hole exploit kit apparently told Krebs the new exploit is being offered free to existing licensees of the kit. It costs US$4,000 for anyone else.

The Black Hole exploit kit can drop any of a number of payloads onto a victim’s PC. It’s used extensively by cybercriminals.

“Java exploits are most effective when included in exploit packs since they can turn any hacked website into a particularly dangerous place for end users,” Bill Morrow, executive chairman of Quarri Technologies, told TechNewsWorld.

Tweeting in Safety

Twitter is purchasing Whisper Systems, the latter announced recently.

Not a moment too soon, perhaps. Twitter has been used as a vehicle for spreading malware. For instance, in September it was used to mine Bitcoins, Trend Micro discovered.

Further, security experts are warning that mobile malware in general is on the rise.

“Malware in smartphones is a catastrophe just waiting to happen,” Jakob Ehrensvard, chief technology officer at Yubico, told TechNewsWorld.

Because apps invoked intentionally by the user have full access to various features and functions, “the problem is very difficult to effectively protect against,” Ehrensvard pointed out.

Smartphone owners should use a password to protect access to the device, suggested Alex Horan, Core Security senior product manager.

“That might feel inconvenient, but it won’t be as inconvenient as losing all of your personal information to a complete stranger,” Horan told TechNewsWorld.

The Thrilla in Manila

Manila police have arrested four people suspected of having hacked into corporate PBXs run by AT&T and selling off the lines to call centers, netting $2 million over two years.

The operation was allegedly financed by Jemaah Islamiyah, a Southeast Asian militant Islamic organization responsible for, among other things, the 2002 Bali car bombing that killed 200 people.

“This is one of the first times that terrorists have been directly linked to hackers, and it is of great concern,” Phil Lieberman, CEO of Lieberman Software, told TechNewsWorld.

The Great Springfield SCADA Scare

When the SCADA — supervisory control and data acquisition — system at a small water utility in Springfield, Ill., was apparently reconfigured by a hacker recently, causing a pump to break down, it sparked fears of terrorism and led to an investigation by the FBI and the Department of Homeland Security.

On Monday, ICS-CERT, the Industrial Control Systems Cyber Emergency Response Team, dismissed the terrorism fears.

There was no evidence of malicious activity, and the investigation into what caused the pump to fail is still going on, ICS-CERT said.

Perhaps new IP geo-location technology that payment processing and fraud prevention firm ReD has introduced into its ReD Shield product might help track down cybercriminals.

The technology now can track fraud threats using IP identification and geo-location information.

ReD Shield can determine the true physical location of an end user’s server and also detect if the end user is preventing detection of its actual IP address, Erika Gallo, risk services director at ReD, told TechNewsWorld.

More by Richard Adhikari