[IS&T Security-FYI] SFYI Newsletter, January 30, 2009
Monique Yeaton
myeaton at MIT.EDU
Fri Jan 30 13:28:08 EST 2009
In this issue:
1. Two Big Computer Attacks Making the Rounds
2. New Security Standards Adopted by Massachusetts
3. Heartland Security Breach
4. Spam Levels Expected to Rise Soon
5. White House Posts Network Security Agenda
--------------------------------------------------------------
1. Two Big Computer Attacks Making the Rounds
--------------------------------------------------------------
--Sophisticated Windows Worm Conficker--
The Conficker worm, also known as Downadup and Kido, is troubling
computer systems around the globe. This Windows worm, known by
different monikers due to the various anti-virus and anti-malware
companies out there, was first seen in Oct. 2008. Microsoft released a
patch to solve the problem but the past week has seen the worm take
hold once again due to a new strain, dubbed Conficker.B, causing more
problems this month than the older version, Conficker.A, did at the
end of last year. Officials put the total number of infected computers
at up to 3 million.
Read more here:
<http://tech.blorge.com/Structure:%20/2009/01/17/beware-the-windows-worm-conficker-downadup-kido-rampant/>
<http://news.bbc.co.uk/2/hi/technology/7832652.stm>
--Pirated Copies of iWork 09 Contain Trojan--
Illegal copies of Apple's iWork 09 and Adobe's Photoshop CS4 have been
appearing on file sharing websites. The pirated software is believed
to contain a Trojan horse program known as iServices.A. The Trojan has
root access to infected computers. Once in place, it connects to a
remote server and downloads additional software that makes the
infected computer part of a botnet. The Trojan has already been
inadvertently downloaded by an estimated 20,000 users. This should
send a warning to would-be downloaders of pirated software.
Read more and learn how to remove the Trojan here:
<http://kb.mit.edu/confluence/x/HRZB>
--------------------------------------------------------------------
2. New Security Standards Adopted by Massachusetts
--------------------------------------------------------------------
Article by: Janine Hiller, Professor of Business Law, Virginia Tech:
"New Security Standards Adopted by Massachusetts"
Massachusetts security regulations adopted in 2008 are so
controversial that the deadline for compliance has already been
extended, and comments about possible amendments were heard January
16th, 2009. The requirements, intended to prevent identity theft,
incorporate a good deal of the standard FTC security provisions: a
comprehensive security program, identification of internal and
external risks, employee security policies, and the like. Furthermore,
the regulations list specific security actions that must be
implemented. Several highly debated provisions include mandatory
encryption of personal information of Massachusetts residents held in
a laptop or portable device, contractually requiring third party
service providers to comply with security protections, and a written
certificate of compliance from those providers.
The January 1, 2009 deadline was extended to May 1, 2009 for
contractual compliance and general provisions of the regulation, and
January 1, 2010 for encryption and certification. These seem to be the
most specific and strongest security regulations to date. The
importance of one state's specific security requirements for the
protection of residents' personal information cannot be
overemphasized; as the Data Breach Notification laws showed, one
state's laws can affect other residents, and can spur action by other
states.
Standards are found here:
<http://www.mass.gov/?pageID=ocaterminal&L=3&L0=Home&L1=Consumer&L2=Identity+Theft&sid=Eoca&b=terminalcontent&f=idtheft_201cmr17&csid=Eoca>
See Massachusetts Office of Consumer Affairs and Business Regulation
for further information.
-------------------------------------
3. Heartland Security Breach
-------------------------------------
Princeton, NJ-based Heartland Payment Systems has acknowledged a data
security breach that may affect tens of millions of payment card
accounts. The breach apparently occurred in 2008, and Heartland says
the only data affected by that breach were the names and/or numbers
associated with payment cards; no merchant data, Social Security
numbers (SSNs), addresses or phone numbers were compromised. Heartland
discovered the breach after MasterCard and Visa contacted the company
regarding suspicious activity associated with certain accounts.
Investigators found malware lurking on Heartland's network.
Heartland's system processes 100 million transactions a month and was
regarded as PCI certified. Many of the transactions using the Heartland
Payment System are not over the Internet, but are done in retail
stores and restaurants. If you think your credit card has been
compromised, contact the financial institution that issued the card.
Read full story here:
<http://www.msnbc.msn.com/id/28758856/>
Response from Heartland:
<http://2008breach.com/>
[Article source: SANS]
-------------------------------------------------
4. Spam Levels Expected to Rise Soon
-------------------------------------------------
Although spam levels dropped sharply after the hosting company McColo
was taken offline by its upstream providers two months ago, new
botnets and several resilient older ones are once again building the
volume of spam. Levels are expected to reach pre-takedown levels in
about one month, if the recent trend continues. McColo was
disconnected from the Internet by its upstream provider after the
provider received information indicating the hosting company had
numerous customers involved in cybercrime. McColo's takedown all but
demolished the Srizbi botnet and crippled several others, including
Rustock. However, no arrests were made and new botnets have taken
their places, including one called Ozdok or Mega-D that takes
screenshots of activity on infected machines and sends them back to a
remote server.
Read more here:
<http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126793&source=rss_topic17>
[Article source: SANS]
------------------------------------------------------------
5. White House Posts Network Security Agenda
------------------------------------------------------------
In its recently posted Homeland Security Agenda, the Obama
administration has outlined its six major information network
protection goals:
- strengthen federal leadership on cyber security;
- initiate a safe computing R&D effort and harden our nation's cyber
infrastructure;
- protect the IT infrastructure that keeps America's economy safe;
- prevent corporate cyber espionage;
- develop a cyber crime strategy to minimize the opportunities for
criminal profit;
- and mandate standards for securing personal data and require
companies to disclose personal information data breaches.
Notable under the first item is that the administration plans to
"establish the position of national cyber advisor who will report
directly to the president and will be responsible for coordinating
federal agency efforts and development of national cyber security
policy."
Read more here:
<http://www.whitehouse.gov/agenda/homeland_security/>
<http://www.scmagazineus.com/President-Obamas-cybersecurity-plan-released/article/126252/>
=========================
Monique Yeaton
IT Security Awareness Consultant
MIT Information Services & Technology (IS&T)
(617) 253-2715
http://web.mit.edu/ist/security
---------------------------------------
Important: DO NOT GIVE OUT YOUR PASSWORDS!
Ignore emails asking you to provide yours. IS&T will *NEVER* ask you
for your password.