Friday, October 30, 2009

MAJOR BOTNET ATTACK

COMPUTERWORLDUK
http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=17351

The attack targets Facebook users with a spoofed message that claims recipients' Facebook passwords have been reset as a security measure. The messages, which come bearing subject lines such as 'Facebook Password Reset Confirmation', include a file attachment that supposedly contains the new password.

In fact, the attached .zip file includes a Trojan downloader, dubbed 'Bredlab' by some antivirus companies, 'Bredolab' by others. The downloader grabs a variety of malware from hacker servers, including fake security software, or 'scareware', and installs attack code and rogue antivirus applications on the compromised PCs.

Multiple security companies, including Symantec, Trend Micro, MX Lab and Websense, have put out warnings about the attack campaign. "This variant of Bredolab connects to a Russian domain and the infected machine is most likely becoming part of a Bredolab botnet," said Shunichi Imano, a security researcher at Symantec, in a post to the firm's security blog.

Jamie Tomasello, Cloudmark's abuse operations manager, said her company alone has detected nearly three-quarters of a million phony Facebook messages since Monday. "Our count continues to go up, and is at about 735,000 now," said Tomasello. "It's a pretty high volume."

According to Tomasello, both desktop clients and ISPs that use Cloudmark to filter potentially malicious mail have reported receiving the fake Facebook e-mail.

Because of its huge base - last month Facebook said it had more than 300 million users - the site is a frequent target for hackers and identity thieves.

Last March, for example, the Koobface worm made the rounds on Facebook, as well as other social networking sites such as MySpace and Friendster, infecting large numbers of users.

Facebook did not respond to a request for comment on the attacks, or to questions about what it is doing, or can do, to stymie the campaign or warn its users.






Saturday, October 24, 2009

The White House Blog

Protecting Yourself Online

To help raise awareness among all Americans of online threats, October has been designated National Cybersecurity Awareness Month and we’ve exposed some of the most common cyber threats in previous blog posts. President Obama continues these efforts in the video below by explaining the importance of cybersecurity and strategies you can take to protect yourself online. To learn more about the strategies mentioned in the video, visit OnGuardOnline.gov and DHS.gov/Cyber.

President Obama Address

President Obama Addresses Members of the Joint Terrorism Task Force

The President speaks to members of the Joint Terrorism Task Force after touring its New York headquarters. October 20, 2009. (Public Domain)

http://www.whitehouse.gov/photos-and-video/video/president-obama-addresses-members-joint-terrorism-task-force


Tuesday, October 6, 2009

Grand Opening of JPMorgan Chase Technology Center at SU Celebrated Today

SYRACUSE, N.Y.--(BUSINESS WIRE)--JPMorgan Chase and Syracuse University marked the grand opening today of the JPMorgan Chase Technology Center at SU, an on-campus facility where students and faculty will work side-by-side with bank employees conducting research and running the bank’s global technology operations.

SU Chancellor and President Nancy Cantor, JPMorgan Chase Chief Administrative Officer and Operating Committee Member Frank Bisignano and New York State Assembly Speaker Sheldon Silver were among those who cut the ceremonial ribbon to officially open the facility, an important centerpiece of the unique corporate-university collaboration established by JPMorgan Chase and SU in June 2007.

MORE: http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20091006005808&newsLang=en

http://www.syr.edu/news/articles/jpmc-women-minorities-10-09.html

http://globaltech.syr.edu/courses.aspx

The Arms Race between Black Hats and White Hats Steps Up with URLZone Trojan


complete article: http://www.rsa.com/blog/blog_entry.aspx?id=1530

The arms race between cybercriminals and security professionals has recently stepped up, with the online gang behind the URLZone Trojan driving one more rung into the evolutionary ladder of online crime.

As man-in-the-browser (MITB) attacks gain momentum and prevalence in the cybercrime space, the criminals who launch these attacks continue refining their tools and techniques to facilitate the cashout of stolen online banking accounts.

The URLZone gang had known that it was being closely watched, researched and scrutinized for quite some time before last Wednesday’s publication of Finjan’s Cybercrime Intelligence Report (Issue number 3, 2009). The secure web gateway provider details its findings with respect to URLZone, a Trojan that attacked online banking customers in Germany. Aware of their crimeware being probed and examined, the gang took proactive measures in an attempt to prevent their mule accounts from being exposed by anti-fraud security researchers and law enforcement agencies. (See Business Success in a Dark Market: An Inside Look at the Fraud Underground on the RSA Online Fraud Resource center for more information about mules.)

Friday, October 2, 2009

AFA officer wins cyberwarfare award

by Butch Wehry
Academy Spirit staff writer
http://www.usafa.af.mil/news/story.asp?id=123163387
Posted 8/14/2009

8/14/2009 - U.S. AIR FORCE ACADEMY, Colo. -- Academy Capt. Michael Henson participated as a member of the red team in a cyber capture the flag event held by the New York City chapter of InfraGard July 21-22. He returned with a Bokken Katana sword for dominating the competition and placing first among the red cell.

A bokken is used as an inexpensive and relatively safe substitute for a real sword, and is used in training for several martial arts. Bokken are used in kendo kata, a form of training to develop technically correct movements.

"I'm a firm believer that we need to understand how we are attacked in order to do a good job defending against attacks," said the Academy Assistant Professor of Computer Science. "I was actually surprised to take away the first-place win on the red team since this was my first 'official' capture the flag event." Although it was his first time participating as a member of the red cell, he has worked as a member of multiple blue cell teams over the past eight years. He was invited to the competition by a professor at the Coast Guard Academy who also works for Cisco networks. That professor also competed in the competition which was held at Cisco's facility in Manhattan.

InfraGard is a partnership between the Federal Bureau of Investigation and businesses, academic institutions, state and local law enforcement agencies and others dedicated to sharing information and intelligence to prevent hostile acts against the United States. InfraGard chapters are geographically linked with FBI Field Office territories.

"During the two-day event, I competed against 13 red team members to gain and maintain entry into defenders' networks and obtain flags proving entry into databases and other areas while blue cell members worked to keep me out," said the officer from East Wenatchee, Wash. His primary targets were defended by a graduate team from New York's Fordham University and their Professor, Dr. Frank Hsu. Fordham University hosted the 2009 International Conference on Cyber Security. The capture the flag event has been mentioned in several highly visible security blogs including one at Tenable Security and Solera Networks.

"It's cliché, but it really is true that network defenders need to be right all the time whereas the attacker ... which happened to be me this time ... only has to be right once in a while to get in," he said. Computer security professionals are fully aware of this situation which is why much of the focus is on "fighting through" and quick recovery if and when an adversary compromises a system. "I also learned a few new techniques for gaining access to certain types of systems and applications and what to look for when I'm trying to defend them."

Captain Henson initiated the Air Force Academy's newest cadet club, the Cadet Cyber Warfare Club which is now a few months old. The concept of the club is to take an interdisciplinary approach to providing network attack and defense skills and education to future Air Force Officers.

"We have been developing much of our own training modules but are now benefitting from relationships with Air Force network warfare squadrons and other entities both inside and outside of the Air Force," he said. "By aligning our training with current network warfare operators in the Air Force we provide a service to both the cadets and the Air Force."

As the Air Force continues to work the education and training piece for the cyber warrior force the Academy is producing officers capable of easily stepping into network warfare units. If initial network warfare training is required at those units, officers should be able to, at the very least, move through that training rather quickly if not "test out" of some of the training altogether.

"Our vision is to produce officers capable of operating in and dominating the Cyberspace domain and also to provide a frame of reference for those who may never directly work as a network warfare officer," the captain said. "In the same way that all Air Force Airmen need to understand the Air and Space domains we want to produce a cross-section of officers who fundamentally understand cyberspace and the tools and options network warfare operators can bring to the fight."

Currently, there are approximately 60 cadets in the Cyber Warfare Club but that number is expected to rise. "The club will have a booth at the 'Blue Rush' event Saturday," Captain Henson concluded.

Thursday, October 1, 2009

October 2009 is National Cyber Security Awareness Month (NCSAM)

October 2009 is National Cyber Security Awareness Month (NCSAM), which the FBI endorses and participates in. The NCSAM event has been held every October since 2001, as a national awareness campaign to encourage everyone to protect their computers and our nation's critical cyber infrastructure.

Cyber security requires vigilance 365 days per year. However, the Department of Homeland Security, the FBI, the National Cyber Security Alliance, and the Multi-State Information Sharing and Analysis Center coordinate to shed a brighter light in October on what home users, schools, businesses and governments need to do in order to protect their computers, children, and data.

Ultimately, our cyber infrastructure is only as strong as the weakest link. No individual, business, or government entity is solely responsible for cyber security. Everyone has a role and everyone needs to share the responsibility to secure their part of cyber space and the networks they use. The steps we take may differ based on what we do online and our responsibilities. However, everyone needs to understand how their individual actions have a collective impact on cyber security.

Thanks,

John "Chris" Dowd
Unit Chief

Public/Private Alliance Unit

Strategic Outreach and Initiative Section

Cyber Division