Information Security News
Thanks to reader Gary for sending in a sample of a *Coin miner that he found attacking port 32764. Port 32764 was recently found to offer yet another backdoor on Sercomm-equipped devices. We covered this backdoor before.
The bot itself appears to be a variant of the "zollard" worm seen before by Symantec. Symantec's writeup describes the worm as attacking a php-cgi vulnerability, not the Sercomm backdoor. But this worm has been seen using various exploits.
Here are some quick, very preliminary, details:
The reason I call it *Coin vs. Bitcoin is that in the past, we found these miners to mostly attack non-Bitcoin crypto-currencies to make use of the limited capabilities of these devices. I do not have sufficient detail yet about this variant.
Interestingly, Gary found what looks like 5 binaries with identical functionality, but compiled for 4 different architectures, providing larger coverage across possibly vulnerable devices. The binaries are named according to the architecture they support.
| Name | Size | File type |
|---|---|---|
| arm | 86680 | ELF 32-bit LSB executable, ARM, version 1, statically linked, stripped |
| armeabi | 131812 | ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, stripped |
| mips | 140352 | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped |
| mipsel | 141288 | ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, stripped |
| x86 | 74332 | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped |
The binary appears to do the following among other things:
It also looks like there are many other variants for different architectures, based on strings in the file Gary sent us.
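For triage of multi-architecture drops like this one, the following added example (not part of the original diary and not derived from Gary's sample) reads the ELF header fields behind the `file` output listed above: class, byte order, machine and, for ARM, the EABI version. The function names `describe_elf` and `make_header` are chosen here, and the headers it runs on are constructed 52-byte samples, not real binaries.

```python
import struct

# e_machine values from the ELF specification
MACHINES = {3: "Intel 80386", 8: "MIPS", 40: "ARM"}
EF_ARM_EABIMASK = 0xFF000000  # top byte of e_flags holds the ARM EABI version


def describe_elf(header: bytes) -> str:
    """Summarise the first 52 bytes (the ELF32 header) of a file."""
    if len(header) < 52 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF header")
    ei_class, ei_data = header[4], header[5]
    if ei_class != 1:
        raise ValueError("only ELFCLASS32 is handled in this example")
    if ei_data not in (1, 2):
        raise ValueError("invalid EI_DATA byte")
    endian, tag = ("<", "LSB") if ei_data == 1 else (">", "MSB")
    # Multi-byte fields must be read in the file's own byte order.
    e_type, e_machine = struct.unpack_from(endian + "HH", header, 16)
    (e_flags,) = struct.unpack_from(endian + "I", header, 36)
    kind = "executable" if e_type == 2 else f"type {e_type}"
    name = MACHINES.get(e_machine, f"machine {e_machine}")
    out = f"ELF 32-bit {tag} {kind}, {name}"
    if e_machine == 40:
        eabi = (e_flags & EF_ARM_EABIMASK) >> 24
        if eabi:  # 0 means a pre-EABI ARM binary
            out += f", EABI{eabi}"
    return out


def make_header(ei_data: int, e_machine: int, e_flags: int = 0) -> bytes:
    """Build a constructed ELF32 header (sample input for the demo)."""
    endian = "<" if ei_data == 1 else ">"
    ident = b"\x7fELF" + bytes([1, ei_data, 1]) + b"\x00" * 9
    rest = struct.pack(endian + "HHIIIIIHHHHHH",
                       2, e_machine, 1, 0, 52, 0, e_flags, 52, 32, 0, 0, 0, 0)
    return ident + rest


if __name__ == "__main__":
    samples = {"arm": (1, 40, 0), "armeabi": (1, 40, 0x05000000),
               "mips": (2, 8, 0), "mipsel": (1, 8, 0), "x86": (1, 3, 0)}
    for label, args in samples.items():
        print(f"{label:8} {describe_elf(make_header(*args))}")
```

On a real sample, pass the first 52 bytes of the file to `describe_elf` instead of a constructed header.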
In the latest cautionary tale involving the so-called Internet of things, white-hat hackers have devised an attack against network-connected lightbulbs that exposes Wi-Fi passwords to anyone in proximity to one of the LED devices.
The attack works against LIFX smart lightbulbs, which can be turned on and off and adjusted using iOS- and Android-based devices. Ars Senior Reviews Editor Lee Hutchinson gave a good overview here of the Philips Hue lights, which are programmable, controllable LED-powered bulbs that compete with LIFX. The bulbs are part of a growing trend in which manufacturers add computing and networking capabilities to appliances so people can manipulate them remotely using smartphones, computers, and other network-connected devices. A 2012 Kickstarter campaign raised more than $1.3 million for LIFX, more than 13 times the original goal of $100,000.
According to a blog post published over the weekend, LIFX has updated the firmware used to control the bulbs after researchers discovered a weakness that allowed hackers within about 30 meters to obtain the passwords used to secure the connected Wi-Fi network. The credentials are passed from one networked bulb to another over a mesh network powered by 6LoWPAN, a wireless specification built on top of the IEEE 802.15.4 standard. While the bulbs used the Advanced Encryption Standard (AES) to encrypt the passwords, the underlying pre-shared key never changed, making it easy for the attacker to decipher the payload.
SANS Tallinn Offers Infosec Training in Estonia
SANS will be offering three vital information security courses in Estonia this September. The Sokos Hotel Viru in Tallinn will welcome students from September 1–6 for the six-day courses led by world-class SANS Instructors. The SANS Institute provides ...
'Negative Joblessness' In InfoSec
Characterizing the state of employment among American information security practitioners, executive recruiter Joyce Brocaglia says, "We are experiencing negative unemployment in the field of information security." Brocaglia, chief executive of the ...
Posted by InfoSec News on Jul 07
http://www.infosecnews.org/event/cyber-security-expo/