Information Security News
Vendors audited by Vic Govt infosec chief
SC Magazine Australia
Victoria's data security chief has warned vendors to brush up their security postures if they hope to ply trade with the State Government. Commissioner for Law Enforcement Data Security David Watts will head the state's office of the Privacy and Data ...
What if they pulled the plug?
Sydney Morning Herald
It was 5.30am on November 22, 2012 when Greg Walsh had his first inkling that the internet had stopped working. As a farm manager near Warrnambool, he had risen early to check his email and send instructions to the farm managers he oversaw. Except on ...
by Sean Gallagher
Your average workaday botnet uses a command and control server to give the malware bots on infected PCs their marching orders. But as network security tools begin to block traffic to suspicious domains, some enterprising hackers are turning to communications tools less likely to be blocked by corporate firewalls, using consumer services to deliver their bidding to their digital minions. Today, security researchers at Trend Micro revealed the latest case of the consumerization of botnet IT: malware that uses an Evernote account to communicate.
The backdoor malware, designated as VERNOT.A by Trend Micro, is delivered via an executable file that installs the malware as a dynamic-link library. The installer then ties the DLL into a legitimate running process, hiding it from casual detection. Once up and running, the backdoor starts to collect information about the system it has made its home—the computer's name, the person and organization identified as its registered owners, the operating system version, and its timezone. Then it connects to Evernote—specifically the Chinese interface to the Evernote service—to fetch information from notes saved in an account, including commands to download, run, and rename files on its host system.
According to a blog post by Trend Micro Threat Response Engineer Nikko Tamaña, the backdoor may have also used Evernote as a location to upload stolen data. Fortunately (or unfortunately, depending on how you look at it), the account hard-coded into the backdoor as its channel home had already been shut down—ironically, because its password was reset after Evernote's recent security breach.
by Peter Bright
Last week, anti-spam organization Spamhaus became the victim of a large denial of service attack, intended to knock it offline and put an end to its spam-blocking service. By using the services of CloudFlare, a company that provides protection and acceleration for any website, Spamhaus was able to weather the storm and stay online with a minimum of service disruptions.
Since then, the attacks have grown to more than 300 Gb/s of flood traffic: a scale that's threatening to clog up the Internet's core infrastructure and make access to the rest of the Internet slow or impossible.
It now seems that the attack is being orchestrated by a Dutch hosting company called CyberBunker. CyberBunker specializes in "anything goes" hosting, using servers in a former nuclear bunker (hence the name). As long as it's not "child porn and anything related to terrorism," CyberBunker will host it. This includes sending spam.