SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-12-04



New Hacker Challenge

Published: 2006-12-05
Last Updated: 2006-12-05 14:38:04 UTC
by Ed Skoudis (Version: 2)
Hey, challenge fans! If you like Windows, Linux, netcat, chimneys, ciphertext, and so on, I've posted a Christmas-themed hacker challenge. You remember the movie, A Christmas Story... with the Messy Marvin kid, the interesting lamp, and the Red Ryder BB gun. That's the theme, but adapted to a hacking scenario. If you enter by December 22, you are eligible to win a prize.

--Ed Skoudis
Intelguardians

Is your bank's online security policy making it more of a target for phishers?

Published: 2006-12-04
Last Updated: 2006-12-04 17:49:31 UTC
by Deborah Hale (Version: 2)

This morning in the Handlers' secret room, we were having a discussion about financial institutions and their supposed security policy making them a lucrative target for spamming and phishing. Our discussion centered on how they attempt authentication and whether this authentication actually increases the likelihood that your account will be compromised.

One example:
A bank or financial institution implements a security policy that requires you to answer a question in addition to your user id and password. This sounds great, right? A "two factor" method of identification. Well, maybe not... You see, if you can't answer the question correctly in addition to your correct user id and password, your account gets locked out. OK, so now what? You call the bank and say, darn it all, my account got locked out.... What does the bank say? OK, we will reset your password; what email address do you want the new password sent to? Oh, by the way - the new password email will not come from us. We have someone else send it. Hmmmm.... Oh - by the way, you may want to check your spam filter because the email may get stopped.

Seriously, what are they thinking? 

What do you think? Does your bank or financial institution's method of authentication make you a more lucrative target?




Speaking of Predictions

Published: 2006-12-04
Last Updated: 2006-12-04 16:11:46 UTC
by Deborah Hale (Version: 1)
Last year in December I posted a diary asking for predictions from our readers about what they thought the New Year would bring. 

Let's take a look at what our readers said:

Predictions 2006

So how did we do?

1) Web Borne Worms - Yep, there has definitely been an increase in them. From MySpace to CNNWarNews we have seen an increase in worms implanted and ready to move at a moment's notice.
2) RSS Malcode - Again, we have indeed seen an increase in RSS exploits.
3) Trojans outpace worms - If you take a look at Symantec, McAfee and other AV software companies, I think you will see that this too has come to pass. There are more "Trojanesq" exploits than actual viruses and worms. I think the criminal types have figured out that Trojans are more profitable.
4) Voice over IP phishing - Yes - we have indeed seen a few of these this year.
5) Xbot 360 - Hmm - Not sure about this one.  I haven't heard anything about this at least.
6) Cross Site Scripting attacks - Oh yeah, we have indeed seen a few of those.
7) Zero days - We have seen an increase in zero days. 

So I would say our readers did pretty well.  6 out of 7 ain't bad.

So what do you think? What will 2007 hold in store for us? More of the same or something new on the horizon? Let us know.



Phishers Don't Like Monday

Published: 2006-12-04
Last Updated: 2006-12-04 15:55:24 UTC
by Deborah Hale (Version: 1)
"Symantec is declaring 2006 as the year that fraud grew up."

That is an interesting opening to the article that discusses the changes that Symantec has witnessed over the last year with regard to phishing and the evolution of the tactics and methods used to attempt to defraud the cyber community. Their observations indicate an increase in VoIP and SMS targets.

Symantec's observation is that the bad guys like 3-day weekends as well and take a break from their life of crime. They also indicate that Mondays are usually the quietest days for new phishing emails and that on Tuesday they ramp back up. Humm. Interesting, guess I will have to pay closer attention to the spam in my filter.

Vnu Article

McAfee's Top 10 Predictions for 2007

Published: 2006-12-04
Last Updated: 2006-12-04 15:42:41 UTC
by Deborah Hale (Version: 1)
McAfee predicts that malware hidden inside video files will be the item plaguing computer users this coming year.

According to McAfee, "The malware phenomenon is fuelled by a growing online market for identity theft, spam and adware. This is prompting criminals to more closely mimic the processes that have been adopted by legitimate software developers such as testing and quality assurance procedures, the security vendor observed."

With the recent discovery of the "realor worm", which they indicate is just the first of many "Movie Trojans", they may be on to something. Unfortunately the bad guys will do whatever it takes to make money.

To see the other items on their list of top 10 take a look at:

Viruses coming to a screen near you.

