Sunday, September 30, 2012

Internet Explorer zero-day vulnerability

This week I decided to take a closer look at some of the information I receive via e-mail on a daily basis.  I have signed up to get almost every newsletter from TechTarget.com. They have some good information they release on a daily basis. 

The update I received on September 28, 2012 discussed an Internet Explorer zero-day vulnerability, a new Java sandbox vulnerability, and the revoking of a code signing certificate by Adobe.

Since I found out today that my laptop issues are virus related I decided to look into the Internet Explorer note.

Seems that security researchers are sending out warnings regarding a new zero-day vulnerability that is affecting Internet Explorer.  Apparently this flaw has already been exploited "in the wild".

The flaw affects Internet Explorer 7, 8, and 9 on machines running Windows XP, Vista, and Windows 7 and was discovered last weekend by researcher Eric Romang.  In his blog, Romang notes that the Nitro Gang, which is the same group that apparently used the recent Java zero-day in targeted attacks, could also be connected to this most recent IE vulnerability.

According to researchers at Boston-based Rapid7, systems become infected when the user visits a malicious website.   Microsoft issued security advisory 2757760 regarding this flaw.  They further noted they are aware of targeted attacks attempting to exploit the vulnerability.

Microsoft went on to report that a remote code execution vulnerability exists in the way IE accesses an object which has been deleted or has not been properly allocated.  The vulnerability may corrupt memory in a fashion that could allow an attacker to execute arbitrary code in the context of the current user within IE.  An attacker could then host a specially created website designed to exploit the vulnerability through IE and persuade the user to view the website.

Microsoft warned that the flaw can be exploited by malicious code embedded in user content or website advertisements on legitimate sites.

Microsoft has not ruled out an out-of-cycle security update to repair the vulnerability.  Rapid7 suggests switching browsers until Microsoft can fix the vulnerability.

A zero-day exploit module has been added to Metasploit penetration testing toolkits in order to allow security experts a way to test their system's vulnerabilities.

Staff, S. (2012, September 17). New zero-day vulnerability targets Internet Explorer Users. Retrieved from SearchSecurity: http://searchsecurity.techtarget.com/news/2240163393/New-zero-day-vulnerability-targets-Internet-Explorer-users?asrc=EM_USC_18946942&track=NL-105&ad=881604&



Sunday, September 23, 2012

"Drive-by" Virus

For this week's blog I visited the FBI website.  I found an interesting piece describing a "drive-by" virus.  This is a newer Internet scam that locks the victim's computer and demands payment in order to unlock and unfreeze the user's computer.  Interestingly enough, when the pop-up appears, it displays a very real-looking, though fake, message supposedly from the FBI, stating that the computer has been frozen due to inappropriate website visits, and that a fine has been assessed and must be paid in order to have your computer unfrozen.  Of course, the payment is to be made via prepaid money card services.

This virus, known as Reveton, is a bit different and is referred to as a "drive-by" virus because it can install itself when the victim clicks on a compromised website.  The victim's computer then immediately locks and the FBI-looking message appears on the screen.

While some people have paid the fine, others have reported the virus.  The Reveton virus, often utilized by hackers in conjunction with Citadel malware, was first brought to the FBI's attention in 2003.  The IC3 issued a warning about this virus on their website in May 2012.  Since that posting, the virus has become more widespread both in the United States and internationally.  This virus has been mutated into other versions, one of which can turn on a webcam and display the victim's photo on the frozen screen.

Unfortunately, this virus is not easy to remove from a system.  In fact, the average user will not be able to remove it.  It is suggested that if your system contracts the virus, you do not pay the money or reveal any personal information; take your system to a professional for removal; know that even if you can unfreeze the system, it is likely that the malware will remain on your system gathering and relaying personal information; file a complaint; watch for update information about this virus.

Seeing these reports almost makes me sick.  You know the people that have fallen for these warnings and made the demanded payments are more than likely people that could not afford it.  People's greed seems to have no bounds sometimes.  This type of thing reminds me of the predatory nature of the "contest" mailings many senior citizens receive.  It is an attempt to take something from many that probably do not have that much to spare.

References

New Internet Scam - 'Ransomware' Locks Computers, Demands Payment. (2012). Retrieved from fbi.gov: http://www.fbi.gov/news/stories/2012/august/new-internet-scam/new-internet-scam

Sunday, September 16, 2012

InfoSec Island

This week I went to InfoSec Island looking for material for my blog.  Interestingly enough, my eye was drawn to a piece entitled, "What Will the Impact of a Massive Attack In Cyberspace Be?"  The title caught my eye as I was channel surfing a few weeks ago and landed on CNN where they were discussing Cybersecurity, Cyber warfare, and the increasing need for employees in the cybersecurity field.

Actually, this show has haunted me since I saw it.  The show, forgive me as I cannot remember the name of the show, discussed how the next big war will be a cyber war and how the United States is nowhere near prepared for this kind of war, and would even have difficulty protecting its own infrastructure, particularly the power grids.  During the show they discussed how one would only need to take down the power grid on one side of the country or the other, either in extreme heat or cold, and then watch as the wave moved across the country and this country would fall.

I can say this piece did nothing to put my mind at ease.  The author, Joel Harding, discusses how an initial blow in a cyberwar would be crushing.  A major part of our communications would be cut off.  The global Internet would go down; we may have local connections, but systems would be so stressed that even those would give out sooner or later; cell phone networks would more than likely cease to function; any service requiring satellite communications would become futile; WiFi, WiMax, and microwave connections would be affected and would cease working; AM and FM radio may work locally, but any type of communications outside the local area would be limited; the economy would screech to a standstill; cash would be the only means of commerce; inflation would go through the roof; demand would far outpace supply; moving supplies and meeting demand would be impossible without communication; transportation networks would slow down, and even stop.

Of course, we will figure out a way to work through it and begin again, but the thought that a war could be begun via cyberspace, impacting almost everyone on earth in one way or another, is pretty scary.

I tend to believe in conspiracy theories, Big Foot, the Loch Ness Monster, aliens, psychics, and on and on.  Some would say I'm more inclined to believe in this sort of nonsense, and this would never happen.

However, after reading this piece and watching the piece on CNN, I can see how this would and could happen.  I also see how devastating the simple act of affecting our power grid could be.  I do wonder why we are not more prepared for this as a country than we obviously are.  I do believe that the next big war will not be fought on battlefields with physical weapons.  Far more damage can be done from cyberspace.


Harding, J. (2012, September 14). What Will the Impact of a Massive Attack in Cyberspace Be? Retrieved from infosecisland.com: http://www.infosecisland.com/blogview/22302-What-Will-the-Impact-of-a-Massive-Attack-in-Cyberspace-Be.html

Sunday, September 9, 2012

Security Week

I went to this site looking for something to discuss in this week's blog and found a couple of things.  There was one piece discussing the possible theft of Mitt Romney's tax returns and a demand of ransom for the same.  The other piece I found interesting was about Government security breaches.  This week I will discuss the Romney piece.

The first piece, "Romney Faces Extortion Over Tax Returns - Secret Service Investigating," discussed the possible theft of Mitt Romney's pre-2010 1040 forms, which are the very same that he is refusing to release to the public.  These records were supposedly stolen from a PricewaterhouseCoopers (PwC) office in Franklin, Tennessee.

The demand letter noted that the thieves gained access to PwC's network file servers and were able to copy the tax documents of Willard M. Romney and Ann D. Romney.  The note further went on to explain that once PwC is able to figure out where the security breach occurred, some people would more than likely be losing their jobs.

The thieves are demanding one million dollars in ransom, to be paid by Romney's people, or anyone that would like the information.

If this incident has truly occurred, this would be the second time that a Republican Presidential Candidate has been victimized by electronic means and weak security.  Sarah Palin's Yahoo! account was breached and the contents published online during her run for Vice President.  The thieves in this matter have reported that if Romney's camp does not pay the demanded ransom, they will release the documents to the public, or to anyone that pays the ransom.  So far the documents have not made a public appearance.

PwC has reported that they are working with the Secret Service, but they report finding no evidence that their systems have been compromised or that there has been any unauthorized access to the reported files.

There have been suspect packages delivered to the Democratic Party in Williamson County in Franklin, Tennessee, and to the Executive Director of the Williamson County Republican Party; both these packages were turned over, unopened, to the Secret Service.

At this point, they are leaning towards the view that this is a hoax; however, the Secret Service has confirmed they are looking into matters, without providing any additional comments.

Well, where to start.  I guess with saying that I will be voting for President Obama come election time.  I do not trust Mitt Romney, his Vice Presidential running mate, or most of the controlling members of the Republican party.  I think they are looking out for America's best-off, and could care less about the middle class and the poor.

I don't like that Mr. Romney has not produced his tax returns.  It leaves a lot of questions, and people that hide their income and how that income was made are not trustworthy.  I also think it is pretty funny that if any Government entity demanded to see a regular citizen's tax returns, they would either have to be produced or there would be unfavorable consequences for not complying.

I am a bit surprised that PwC does not have better security, especially over high-profile records.  It does make sense that this theft has occurred.  Look how many companies lose information every day.


Sunday, September 2, 2012

Hello!

Hi.  My name is Dawn Angel Dooley, please call me Angel.  I have always wanted to blog but really wasn't sure I had anything that important to say.  However, I am currently pursuing my Master's Degree in Cybersecurity with Bellevue University in Bellevue, Nebraska, and as part of our coursework, we are required to blog.

So, this will be my Cybersecurity blog.  Hopefully I will post information and ideas that are appealing to people and hopefully I will get some good feedback and new ideas myself.

I am looking forward to this experience and all the new possibilities it presents.