Threat Level: green Handler on Duty: Pasquale Stirparo

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2005-05-17 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Corporate Espionage Made Easy with Spyware; Honeynet KYE: Phishing paper Published; Some New Vulnerabilities

Published: 2005-05-17
Last Updated: 2005-05-18 06:09:23 UTC
by John Bambenek (Version: 1)
0 comment(s)

Corporate Espionage Made Easy with Spyware



For now most spyware (of the more malicious variety) simply tries to passwords to banking sites, social security numbers, and the like. This is part of the ongoing trend of malicious online activity being driven by money. Spam would not be taking place if people were not making money off of it. The only reason you would want to steal someone's online banking information is for the money in it. Here's a new scenario, one I think we'll be seeing sooner or later.



- Take standard spyware that installs a keylogger.

- Throw the keylogger part out.

- Put in easily coded software that will mail out any documents (.xls, .doc, etc) that it finds on the system.

- Threshold the software so it either doesn't kill the mail server and escapes detection, or make it send all of it at once hoping the human response time won't be fast enough to stop it.



You can tighten the example anyway you want. Have the software only work if the system is on a certain domain (say .microsoft.com), have it send only on weekends when people are less likely to notice a slow machine or lots of e-mail, etc. If you are an organization that has trade secrets or confidential information do you monitor and/or control what e-mails make it out of your organization? You should start. I haven't seen any real-world examples, if you have let me know. Also send me feedback and your thoughts (bambenek -at- gmail -dot- com).


Honeynet KYE: Phishing paper Published



The Honeynet projected published a "Know Your Enemy: Phishing" paper today. The paper focuses on observed examples and goes in-depth to analyze the intent and method of phishers in getting information. The paper is available here:
http://www.honeynet.org/papers/phishing/

Some New Vulnerabilities



None are huge issues but shouldn't be left unaddressed.



- Microsoft Windows XP/2003 IPv6 Remote Denial of Service Exploit
http://www.frsirt.com/exploits/20050517.LandIpV6.c.php



- Linux Kernel 2.6.x "ioctl_by_bdev()" Local Denial of Service Exploit
http://www.frsirt.com/exploits/20050517.kernel26dos.c.php

<Br>
- procps vmstat "p" Argument Local Stack Overflow PoC Exploit
http://www.frsirt.com/exploits/20050517.vmstat_p0c.c.php



- Gaim 1.2.x URL Handling Remote Buffer Overflow PoC Exploit
http://www.frsirt.com/exploits/20050517.gaimpoc.php

<Br>
===========================

John Bambenek

bambenek -at- gmail -dot- com
Keywords:
0 comment(s)
Diary Archives