[IS&T Security-FYI] SFYI Newsletter, November 21, 2008

Monique Yeaton myeaton at MIT.EDU
Fri Nov 21 15:03:54 EST 2008


In this issue:

1. Biggest Spammers Shut Down (Temporarily)
2. Emerging Cyber Threats for 2009
3. Patches for New Browsers


------------------------------------------------------------
1. Biggest Spammers Shut Down (Temporarily)
------------------------------------------------------------

The amount of spam being sent worldwide dropped noticeably about a  
week ago after McColo, a northern California-based hosting provider  
identified as hosting spamming organizations, was cut off by its  
Internet providers.  It is estimated that McColo hosted the machines  
responsible for 75 percent of spam sent worldwide.  The relief is  
likely to be temporary, as operations that send the unsolicited  
commercial email seek out other avenues to help them spread their wares.

McColo's connection to spamming mainly comes from its hosting several  
of the biggest botnets: groups of hacked computers (also called  
'zombies') that are tied to a single command center. Aside from  
hosting bot, spam and malware activity, McColo reportedly also hosted  
illegal content, such as child pornography.

The decisions to pull the plugs on the hosting companies were made by  
their service providers, not by security researchers or law  
enforcement. The effort may not be enough to completely eradicate  
spammers and other cyber criminals. In fact, many operations that are  
shut down by one service provider often resurface a short time later  
at another location on the Internet.

Read full story:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=network_security&articleId=9120542&taxonomyId=142&intsrc=kc_top>

If you're interested in the activities attributed to McColo, the
Washington Post, which first released the story, has put together a flow
chart, available here:
<http://voices.washingtonpost.com/securityfix/2008/11/the_badness_that_was_mccolo.html>


----------------------------------------------
2. Emerging Cyber Threats for 2009
----------------------------------------------

Internet-surfing cell phones were one of five top “emerging cyber  
threats” named in a new report by Georgia Tech’s Information Security  
Center. The number of people who own iPhones or other smart phones is  
growing rapidly, and users are beginning to store and send personal  
information from the devices, making them a potentially rich target  
for cyber-attackers. "As these devices have richer functionality,  
you’re going to be able to install applications, and we’re going to  
run into the same kind of problems that laptops and desktops have,"  
said Mustaque Ahamad, director of the center, in an interview.

Another top threat cited in the report was malware, software designed  
to harm or take over a computer. Malware is usually disguised as  
something a user would want to open, like an e-mail attachment or a  
link on a Web site. These days cyber-criminals are using Facebook and  
other social networks to distribute malware. "The recipient clicks on  
the link supposedly sent by his/her friend, and then sees a prompt to  
install the latest version of Flash Player in order to watch the video  
clip," the report says. "The user clicks to install the update, but  
actually installs a piece of malware on the machine." The report  
expects a tenfold increase in the detection of malware in 2008  
compared to 2007.

The good news: Microsoft operating system security has improved and
auto-update features help both corporate and consumer end users stay
up to date with patches. Many software vendors, including Firefox,
Adobe and Apple, are also shipping auto-patch/update capability with
each new software release.

If you're interested in reading the report, I have obtained a copy  
(PDF) and posted it online here:
<http://web.mit.edu/myeaton/Public/CyberThreatsReport2009.pdf>


-------------------------------------
3. Patches for New Browsers
-------------------------------------

Both Google Chrome and Apple Safari for Windows have had security
problems. Google patched Chrome on Tuesday of last week to prevent
attackers from stealing files from PCs running the open-source browser.
<http://www.networkworld.com/news/2008/111408-google-patches-chrome-file-stealing.html?code=nlsecuritynewsal170179>

On Friday, Apple added anti-phishing protection to Safari, the last
major browser to receive the feature that blocks known
identity-stealing sites. The company also patched 11 security bugs in the
program, the bulk of them specific to the Microsoft Windows version.
<http://www.networkworld.com/news/2008/111408-apple-plays-catch-up-adds-anti-fraud.html?code=nlsecuritynewsal170182>

Comment from Ed Skoudis of SANS: "It is probably a good idea to not  
rely on a browser for your main web surfing until it has aged a bit,  
giving the vendor time to work out the most egregious security flaws.   
How much time?  My gut says about a year is needed before a browser  
becomes reasonably (but not perfectly) scrubbed.  Until then, have fun  
playing with these shiny new toys on an experimental box."

IS&T also suggests that MIT users not run browser applications on
browsers that have not yet been tested by the IS&T Software Release
Team, which checks for compatibility with the other software MIT uses
before it recommends or fully supports them. To learn what software IS&T
recommends and supports, see:
<http://web.mit.edu/ist/topics/software/>


=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security

---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you  
for your password.
