2011's biggest security snafus

Ellen Messmer | Dec. 2, 2011
Perhaps it was an omen of what was to come when the city of San Francisco on New Year's Eve 2010 couldn't get a backup system running in its Emergency Operations Center because no one knew the password.

Other actions this year by Anonymous are believed to have been directed against online resources associated with Tunisia, Brazil, Zimbabwe, Turkey, Australia, the Malaysian government and the Florida Chamber of Commerce. More recent Anonymous hacktivism this year has focused on child-porn sites and the Mexican drug cartel, which is accused of taking an Anonymous participant captive.

Duqu: Something we're not looking forward to

The virus known as Duqu hit the security stage in October when the Hungarian research laboratory CrySyS shared its analysis of the new threat with the world's top antivirus vendors.

Security vendor Kaspersky Lab then identified infections with the new Duqu malware in Sudan and, more important, in Iran, the main target of the Trojan's predecessor -- Stuxnet. Believed to be closely related to the Stuxnet industrial sabotage worm, from which it borrows code and functionality, Duqu is a flexible malware delivery framework used for data exfiltration.

The main Trojan module has three components: a kernel driver, which injects a rogue library (DLL) into system processes; the DLL itself, which handles communication with the command-and-control server and other system operations, like writing registry entries or executing files; and a configuration file.

CrySyS ultimately released a toolkit to detect and remove the virus from affected systems. Microsoft too released a Fix-it tool to allow Windows users to manually patch their systems to thwart the Duqu threat.

Duqu is believed to have been created for targeted attacks against organizations and it is likely the malware will be a big story in 2012.

10 Days of Rain

A multi-tiered botnet attacked South Korean computers for 10 days in March, proving to be a stubborn force that couldn't be taken down. Then suddenly it just stopped, with the malware delivering a coup de grâce to the zombie machines that destroyed files and rendered the machines unbootable. Security experts at McAfee say the attack was launched from North Korea, and that its level of sophistication -- 40 command-and-control servers, code updates to thwart detection, multiple encryption schemes -- was far beyond what was needed to run an effective DDoS attack. McAfee's spin: 10 Days of Rain was a reconnaissance mission designed to gauge how, and how quickly, South Korea's government and military contractors would react -- valuable information for a later, truly damaging attack.
