Zero Day Patches, Nasty New Malware, and Jailed Hackers
Ready for a dose of InfoSec news? Your weekly security highlights reel is spooled up and ready to go.
This week was all about software updates. Not only did Microsoft and Adobe’s monthly Patch Day bring us patches for critical zero day vulnerabilities, but we saw security updates for Firefox and iTunes as well. In today’s video, I talk about all those updates, as well as two new interesting malware variants, and the sentencing and jailing of a team of well-known hackers. View the video for all the details.
A quick note… Next week I’ll be attending the AusCERT security conference in Australia. Though I still expect to bring you a weekly video, I may post it earlier or later than normal due to travel and the time zone differences. Keep safe out there and see you next week.
(Episode Runtime: 7:17)
Direct YouTube Link: http://www.youtube.com/watch?v=gjAx6PdFY0k
Episode References:
- Microsoft Patch Day, May 2013
- Adobe fixes Reader, Flash, and ColdFusion flaws – WGSC
- Mozilla releases Firefox 21 to fix eight vulnerabilities – Mozilla
- Latest version of Apple iTunes fixes 41 vulnerabilities – Apple
- New Mac malware leverages valid developer ID – The Register
- New Dorkbot variant spreads via Facebook chat and MediaFire – PC Magazine
- Four members of LulzSec sentenced and jailed – Wired
Extras:
- Linux kernel exploit in circulation – The H Open
- Breaking: Syrian Electronic Army hijacks The Financial Times web site and Twitter – The Register
- Auto regulators thinking about car hacking (one of my predictions last year) – Bloomberg
- Cyber fraud campaign discovered targeting Australian banks – ComputerWorld
- Software vulnerabilities found in Skyrim and Fallout 3 (fairly benign, but interesting) – The Inquirer
— Corey Nachreiner, CISSP (@SecAdept)
Kushnarev Alexander (Rainbow Security) says
The working structure of Backdoor.IRCBot.Dorkbot.A (the malware spread via Facebook) is so complicated by design that it can easily “overload your brain” if you try to understand the “overall process”. Self-encryption, self-checking with hash values, adding new sys-functions, checking protocol buffers, hooking into sys-files and all active processes, connecting to C&C and more and more… All this stuff inside one piece of malware, sized at a couple of hundred KB.
I wonder – why can’t it also emulate VoIP calls to paid lines (organized by hackers), send posts to ICQ or Skype from infected hosts and break into nearby SQL servers with injection functionality at the same time?? True, the “old-school” 3-40 KB viruses with self-replication functionality that delete *.doc files are “funny toys” in comparison with nowadays’ malware.