::Trend Micro Threat Resource Center::

17 July 2012

USB drives left in car park as corporate espionage attack vector

A number of infected USB flash drives were recently left in the car park of Dutch chemical firm DSM in a failed corporate espionage attempt. According to a report (Dutch-language link) from Dutch newspaper Dagblad De Limburger, the drives were planted by an unknown party in the hope that one or more of the company's employees would insert them into their office systems.

However, instead of plugging it into one of the company's systems, the employee who found one of the USB sticks turned it over to DSM's IT department. On examination, they discovered that the drives contained malware set to run automatically as soon as the stick was inserted into a computer. The malware is said to have been a keylogger designed to capture usernames and passwords, then use the company network to send them to an external site.

On finding this, the company blocked all access to the IP addresses that the malware attempted to contact. Because, DSM says, it was a clumsy attempt to steal data and no damage was done, the company decided not to contact the police.

Would you report to the police?
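The attack above relied on a program running automatically when the stick was inserted, which on older Windows versions is driven by an autorun.inf file on the drive. The following is an added example, not code from the article or from DSM's IT department: it parses the [autorun] section of such a file and reports every directive that would launch code, separately from the cosmetic icon and label directives that are usually combined with it to make the drive look harmless. The sample file contents are constructed.

```python
"""Triage helper for the autorun.inf auto-execution vector (added example)."""
import configparser
from typing import List, Tuple

# Directives that launch a program when the drive is inserted or opened.
EXEC_KEYS = {"open", "shellexecute"}
# Directives that only change how the drive appears in Explorer; harmless on
# their own, but the usual disguise wrapped around an exec directive.
COSMETIC_KEYS = {"icon", "label"}

# Constructed sample, shaped like a file used for a drop of this kind.
SAMPLE_AUTORUN = """\
[AutoRun]
open=setup.exe
icon=setup.exe,0
label=Company Backup
shell\\open\\command=setup.exe
UseAutoPlay=1
"""

# Constructed sample with presentation directives only.
BENIGN_AUTORUN = """\
[autorun]
icon=drive.ico
label=Photos
"""


def triage_autorun(contents: str) -> List[Tuple[str, str, str]]:
    """Return (severity, key, value) findings for one autorun.inf text.

    severity is 'exec' for directives that run a program (open, shellexecute
    and any custom shell\\verb\\command entry) and 'cosmetic' for icon/label.
    Other keys (e.g. UseAutoPlay) are ignored.
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(contents)
    except configparser.MissingSectionHeaderError:
        # Windows ignores an autorun.inf that has no section header at all.
        return []
    findings: List[Tuple[str, str, str]] = []
    for section in parser.sections():
        if section.lower() != "autorun":   # section name is case-insensitive
            continue
        for key, value in parser.items(section):   # keys are lower-cased
            if key in EXEC_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
                findings.append(("exec", key, value))
            elif key in COSMETIC_KEYS:
                findings.append(("cosmetic", key, value))
    return findings


def drive_is_safe_to_mount(contents: str) -> bool:
    """True only when no directive in the file would execute a program."""
    return not any(sev == "exec" for sev, _, _ in triage_autorun(contents))


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_AUTORUN), ("benign", BENIGN_AUTORUN)):
        print(name, "safe" if drive_is_safe_to_mount(text) else "NOT safe")
        for sev, key, value in triage_autorun(text):
            print(f"  [{sev}] {key} = {value}")
```

Run it against the contents of autorun.inf read from a drive mounted with execution disabled, on a machine that is not joined to the corporate network; an 'exec' finding is the cue to hand the stick to the IT department rather than open it, exactly as the DSM employee did.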

15 July 2012

Disable Windows Sidebar and Gadgets NOW on Vista and Windows 7. Microsoft warns of security risk

Users of Windows Vista and Windows 7 have been advised to completely disable their Windows Sidebar and Gadgets, in response to what appears to be a serious security risk.

The Windows Sidebar is a vertical bar that can appear at the side of your desktop, containing mini-programs (known as gadgets) that can provide a number of functions such as a clock, the latest news headlines, weather report and so forth.

(Image: Windows 7 Sidebar gadgets)

A security advisory issued by Microsoft's security team advises that vulnerabilities exist that could allow malicious code to be executed via the Windows Sidebar when running insecure Gadgets.

The warning comes ahead of a talk scheduled for Black Hat later this month by Mickey Shkatov and Toby Kohlenberg. Shkatov and Kohlenberg's talk, entitled "We have you by the gadgets", threatens to expose various attack vectors against gadgets, how malicious gadgets can be created, and the flaws they have found in published gadgets.

(Image: Gadgets talk at Black Hat)

"We will be talking about our research into creating malicious gadgets, misappropriating legitimate gadgets and the sorts of flaws we have found in published gadgets."

If the researchers have managed to find ways to exploit existing gadgets, that's particularly worrying.

Clearly Microsoft is worried about the security researchers' findings, and has issued a "Fix It Tool" which will protect Windows 7 and Vista users by entirely disabling the Windows Sidebar and Gadgets functionality.

Yes, that's right. Microsoft hasn't issued a security patch to fix the vulnerability. They're suggesting you completely nuke your Windows Sidebar and Gadgets.

Which is bad news if you found those sidebar gadgets useful. You better find a new way to tell what time it is, or catch the latest from your favourite RSS feeds.

Sorry if it causes you any pain, but I would recommend you follow Microsoft's advice if you run Windows 7 or Vista and apply their "Fix It tool" as soon as possible. It may be a sledgehammer to crack a nut - but it's a nut that needs smashing, and fast.

Interestingly, Microsoft has dropped Gadgets from the upcoming Windows 8. In retrospect, that was probably a very good idea.

14 May 2012

FixMeStick: USB device for removing malware

FixMeStick has launched the first consumer-ready USB device for removing viruses from infected PCs.

The principles behind the FixMeStick are not new to IT security professionals: multiple anti-virus engines increase the number of detectable viruses, and a clean external scanning device prevents viruses from hiding or from interfering with their own removal. But, for the first time, FixMeStick has built these principles into a ready-to-go USB device.

"This is about enabling everyone to rid their machines of malware," says co-founder Marty Algire. "And it will help people continue to enjoy their computers and the Internet."

The FixMeStick costs $49.99 for an unlimited number of uses on three PCs per year. Renewals can be purchased for $24.99 annually.

The FixMeStick is powered by three of the biggest names in anti-virus software: Kaspersky Lab, Sophos, and GFI.

"This collaboration will allow organizations and their users to significantly minimize the impact of a malware infection," stresses Michael Rogers, Vice President, Global Alliances & OEM at Sophos.

13 May 2012

IE 9.0.6 Now Available, Fixes Security Flaws

I remember just a few years ago when Internet Explorer was the laughing stock of the browser community. It lacked the functionality that other browsers had while lacking even basic security functions. It's what led to the impression that IE was a virus haven, but Microsoft has made great strides in making IE a more attractive and secure browser. The new update today only reaffirms that.

Microsoft today announced the release of Internet Explorer 9.0.6. It fixes "five privately reported vulnerabilities in Internet Explorer." The worst vulnerability would allow "remote code execution" if a user visited an infected Web site. This would allow somebody to gain control of the PC in question with the same user rights as the local user.

These are the kind of vulnerabilities that can lead to the creation of a botnet. People visit a Web site and get their computer hijacked by a foreign party. Their computer then becomes part of the botnet collective which usually goes unnoticed by the user if the creator of the botnet is good at their job.

Microsoft says that this update is rated critical for IE6, IE7, IE8 and IE9 on Windows clients. It's rated moderate for the same versions of IE on Windows servers. You can check out the full security bulletin for all the information, including which operating systems are affected.

If you have automatic updating turned on, the update should have already been applied. If you're like me and have automatic updates turned off, you can apply it the usual way through Windows Update. While I don't use Internet Explorer and many Windows users reading this now probably don't either, it's still suggested that you install the update. There's always that small chance of a friend using your computer and browsing with Internet Explorer. It's better to be safe than sorry.

12 May 2012

Trojan posing as Flash Player for Android

Russian Android users are constantly targeted with Trojans posing as legitimate apps. Last month it was fake Instagram and Angry Birds Space apps; this time the lure is a bogus Flash Player for Android:

"When users opt to download and install the said fake app, the site connects to another URL to download a malicious .APK file," Trend Micro researchers warn.

The file in question is a premium service Trojan that saddles users with unwanted charges.

Both the website offering the fake app and the one from which the Trojan is downloaded are hosted on the same IP address - a Russian domain.

"Based on the naming alone used in these URLs, it appears that Android is a favorite target for cybercriminals behind this scheme," conclude the researchers.

11 May 2012

55,000 Twitter Accounts Hacked, Passwords Exposed

Hackers appear to have successfully exposed the passwords of as many as 55,000 Twitter accounts yesterday, prompting the website to conduct an investigation into just how the security breach occurred.

The hack was first reported on the blog Airdemon.net, where it was said that "anonymous hackers" - note that this is not the proper Anonymous, as in the hacktivist collective, though it's not clear whether that capitalisation difference was intentional or not - gained access to the accounts, some of which are said to belong to celebrities. The account information was so extensive that it took five pages on Pastebin to share all of it.

According to CNET, Twitter is looking into the breach and has notified the affected accounts with notices to reset their passwords.

Yesterday evening, Twitter, via the @twittercomms account, said that many of the accounts affected were duplicates or spam-ish.
"The list of alleged accounts & passwords consists of more than 20,000 duplicates. Also suspended spam accounts & incorrect login credentials."

After crunching the numbers and identifying the duplicate accounts shared on Pastebin, Anders Nilsson at Säkerhetsbloggen determined that the total number of unique accounts is 34,062 and that, of those, only 25,068 appear to be legitimate. He also suggests that a majority of the accounts appear to be associated with email addresses from Brazil, which would make sense, since when I looked at the list of account info on Pastebin my browser offered to translate the webpage into Portuguese. More interestingly, Nilsson also points out that the list of yesterday's hacked accounts appears to consist of accounts that were hacked last summer.

So maybe Twitter's right to downplay this security breach and it's not really as threatening or legitimate as it first appeared to be. Do you think Twitter's responded appropriately, or should it be taking the matter a little more seriously? Think this situation is more hoax than actual hack?

Update [14 May 2012]: Even though the sentiment is pretty much summarized above, here is the official Twitter statement a spokesperson provided to WPN:

We are currently looking into the situation. In the meantime, we have pushed out password resets to accounts that may have been affected. For those who are concerned that their account may have been compromised, we suggest resetting your passwords and more in our Help Center.

It's worth noting that, so far, we've discovered that the list of alleged accounts and passwords found on Pastebin consists of more than 20,000 duplicates, many spam accounts that have already been suspended and many login credentials that do not appear to be linked (that is, the password and username are not actually associated with each other).
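Both Nilsson's count and Twitter's statement above come down to the same triage of a leaked list: strip exact duplicates, discard lines that are not a usable username/password pair, count the accounts that remain, and look at where those accounts come from. The following is an added example, not code from the post, from Twitter or from Säkerhetsbloggen, that performs that triage on a constructed "email:password" dump and produces the list of accounts a password reset would be pushed to; it does not check any credential against anything.

```python
"""Triage of a leaked email:password list (added example, constructed data)."""
from collections import Counter
from typing import Dict, List, Optional, Tuple

# Constructed sample dump: two exact duplicates, one line that is not a
# credential at all, one line with an empty password, and a Brazilian bias.
SAMPLE_DUMP = """\
alice@example.com.br:hunter2
bob@example.com:password1
alice@example.com.br:hunter2
carol@example.org:letmein
not-a-credential-line
dave@example.com.br:
bob@example.com:password1
erin@example.com.br:qwerty
"""


def parse_line(line: str) -> Optional[Tuple[str, str]]:
    """Return (email, password) for a well-formed line, else None.

    A line counts as an "incorrect login credential" in the sense used above
    when it has no separator, no address on the left, or no password.
    """
    line = line.strip()
    if ":" not in line:
        return None
    email, password = line.split(":", 1)
    if "@" not in email or not password:
        return None
    return email.lower(), password


def triage_dump(text: str) -> Dict[str, object]:
    """Count raw lines, exact duplicates, malformed lines and unique accounts,
    and break the accounts down by the last label of the email domain."""
    raw = [line.strip() for line in text.splitlines() if line.strip()]
    seen = set()
    unique: List[str] = []
    for line in raw:                      # exact-duplicate removal, order kept
        if line not in seen:
            seen.add(line)
            unique.append(line)
    malformed = 0
    accounts = set()
    for line in unique:
        parsed = parse_line(line)
        if parsed is None:
            malformed += 1
        else:
            accounts.add(parsed[0])       # one account, however many passwords
    by_tld = Counter(email.rsplit(".", 1)[-1] for email in accounts)
    return {
        "raw_lines": len(raw),
        "unique_lines": len(unique),
        "duplicates": len(raw) - len(unique),
        "malformed": malformed,
        "accounts": len(accounts),
        "by_tld": dict(by_tld),
    }


def accounts_to_notify(text: str) -> List[str]:
    """Sorted list of distinct addresses that would receive a forced reset."""
    return sorted({p[0] for p in map(parse_line, text.splitlines()) if p})


if __name__ == "__main__":
    for key, value in triage_dump(SAMPLE_DUMP).items():
        print(f"{key}: {value}")
    print("notify:", ", ".join(accounts_to_notify(SAMPLE_DUMP)))
```

The headline figure of a dump is the raw line count; the number that matters to the site operator is the account count after duplicates and malformed lines are gone, which is the reduction from 55,000 to 34,062 and then 25,068 described above. The TLD breakdown is the quickest way to confirm a geographic skew such as the Brazilian one Nilsson noticed.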