Australia's Leading Computer Emergency Response Team

AusCERT Week in Review for 19th April 2013
Date: 19 April 2013
Original URL: http://www.auscert.org.au/render.html?cid=7066&it=17407


Greetings,

Welcome to the Week in Review for the week ending Friday 19th of April 2013. As usual, it has been an interesting week in IT Security.

The three main news items of the week that will be covered in this post are:
1) Boston marathon bombing related cyber attacks
2) Google prohibits ads on Google Glass
3) Microsoft introduces two-factor authentication across all its online products

At the end of this post the most notable security bulletins of the week will also be covered in brief.

This week's tragic events of the Boston marathon bombings have been turned into a phishing/spam attack by opportunists. Emails pretending to contain links to news articles and exclusive camera footage instead redirect users to fake websites that contain malware. This in turn infects their machine, possibly with a bot agent from Zeus or Kelihos. The bots could then easily harvest financial and personal information from the user or use the compromised machine to send further spam. AusCERT has been playing its role in preventing this from affecting the security of networks in Australia by actively keeping track of known bad URLs and providing this as a feed to our members as usual. You can access the latest feed and information related to the feed by visiting: https://www.auscert.org.au/9123. In our research, AusCERT has found that at least 22 unique IP addresses were used to host the fake websites. All the URLs AusCERT inspected took one of these forms:
http://_ip_address_/news.html
http://_ip_address_/texas.html
http://_ip_address_/boston.html
AusCERT will continue to keep an eye on this, but we would suggest that organisations take the necessary steps to protect their devices from this phishing attack.
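One way to check web proxy logs for the three URL forms listed above, added here as an example and not AusCERT's own tooling. The log format, client addresses and hosting addresses (documentation ranges) are constructed; accepting any port and ignoring case in the page name are assumptions that go slightly beyond the forms listed.

```python
import ipaddress
from collections import defaultdict
from urllib.parse import urlsplit

# Page names taken from the URL forms listed in the text above.
LURE_PAGES = {"/news.html", "/texas.html", "/boston.html"}

# Constructed sample lines: timestamp, internal client, method, URL, status.
SAMPLE_LOG = """\
2013-04-17T09:14:02 10.0.0.21 GET http://203.0.113.45/boston.html 200
2013-04-17T09:14:40 10.0.0.35 GET http://www.example.com/news.html 200
2013-04-17T09:15:11 10.0.0.35 GET http://203.0.113.45/news.html 200
2013-04-17T09:16:03 10.0.0.50 GET http://198.51.100.7:8080/Texas.html 200
2013-04-17T09:17:30 10.0.0.21 GET http://198.51.100.7/index.html 200
2013-04-17T09:18:00 malformed
""".splitlines()

def is_lure_url(url):
    """True if url is http://<literal IP address>/<one of the lure pages>."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # port and brackets already stripped
    except ValueError:
        return False
    if parts.scheme.lower() != "http" or not host:
        return False
    try:
        ipaddress.ip_address(host)  # rejects DNS names, keeps raw IPs only
    except ValueError:
        return False
    return parts.path.lower() in LURE_PAGES

def find_hits(log_lines):
    """Map each hosting IP to the set of clients that requested a lure URL."""
    hits = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed or truncated lines
        client, url = fields[1], fields[3]
        if is_lure_url(url):
            hits[urlsplit(url).hostname].add(client)
    return dict(hits)

if __name__ == "__main__":
    for hosting_ip, clients in sorted(find_hits(SAMPLE_LOG).items()):
        print(hosting_ip, "requested by", ", ".join(sorted(clients)))
```

Clients returned by `find_hits` are the machines to examine for infection; the hosting IPs can be compared against the URL feed.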

In an interesting twist for a company that makes its primary revenues from advertising (around 95% of revenue), Google has prohibited Google Glass developers from displaying ads or even charging for the software. It seems that Google may be trying a different tactic here and might just be focusing on making money from the hardware itself or waiting to see how it evolves before opening up the platform to software-based revenue. Google has made public statements in the past explicitly making it clear that the Glass platform must be clean and clear of any ads whatsoever, as the technology is designed to facilitate internet browsing and other related activities.

Microsoft has finally joined the small list of companies that support two-factor authentication on their online products. Google was the first to introduce the concept en masse back in 2010. Dropbox and Apple have followed suit. Microsoft joins this list this week.

Finally, here are this week's top security bulletins:
1) ASB-2013.0056 - ALERT [UNIX/Linux] Parallels Plesk Panel: Root compromise - Existing account

Two vulnerabilities in Parallels Plesk Panel allow for privilege escalation. This can allow an attacker to run arbitrary code as the root user!

2) ASB-2013.0058 - ALERT [Win][UNIX/Linux] Oracle Java: Multiple vulnerabilities

Even more Java vulnerabilities patched this week by Oracle! The most severe Impact/Access for this was Execute Arbitrary Code/Commands -- Remote/Unauthenticated.

3) ASB-2013.0057 - ALERT [Win][UNIX/Linux] Oracle Products: Multiple vulnerabilities

26 Oracle products (not including Java) got patches delivered this week with Oracle not providing too much information on the vulnerabilities.

4) ESB-2013.0538 - [RedHat] kernel: Multiple vulnerabilities

A couple of vulnerabilities in the Red Hat 6 kernel create conditions which may allow an existing unprivileged user to escalate their privileges.

That ends our week in review. Stay patched and have a great weekend.

Regards,
Parth Shukla
Information Security Analyst