Infosec Weekly Radar, January 9 – 15, 2012

Sudatel and Alahdath Database Leaked by Anonymous

Two attack have been observed over this week by anonymous that are targeting sudanian government, the first is against Sudatel a sudanian based telecommunication operator and ISP where database of users have been dumped to publish a list of sensitive information, the second is targeting alahdath.sd a news/media website and as we all know that Anonymous never targets media.

Sudatel : http://pastebin.com/ru9PzDxr  Alahdath: http://pastebay.com/273226

Creating an IOC to Spot the Duqu Family

An Interesting analyses for DuQu by mandiant where it provides more information about how the malware operate and what encryption process they use:

“Duqu has been getting a lot of attention in the media.  According to Symantec, there are 15 confirmed variants found thus far.  One of the interesting challenges posed by Duqu is that every instance appears to be unique.  Also, the main components are encrypted on disk, therefore restricting our search space to in-memory.”

https://blog.mandiant.com/archives/2074

Anti-Virus Comparative –summary report 2011

AV-Comparative have published their annual report with briefing about their finding during 2011, the winner for this year is Kaspersky lab. It is important to note that if you are looking for a security product you need to define your requirement in term of security and look at the security extensions of each of them.

http://www.av-comparatives.org/images/stories/test/summary/summary2011.pdf

Internet Security Guard Another Fake AV

Another fake antivirus sample have been analyzed by XyliBox , the malware claim that it is a security product and will help victim to remove viruses that most AV do know about:

“Internet Security Guard is a fake Antivirus. This rogue displays fake alerts to scare users. It replaces Home Security Solutions, Home Safety Essentials, Anti-Malware Lab,System Smart Security, PC Security Guardian, Best Malware Protection, Internet Security Essentials, Smart Internet Protection 2011, Personal Internet Security 2011,Personal Security Sentinel, Internet Antivirus 2011, Internet Security Suite, Smart Security, My Security Shield, Security Master AV, My Security Engine, Security Guard, CleanUp Antivirus and Security Antivirus”

http://xylibox.blogspot.com/2012/01/internet-security-guard.html?spref=tw

Computer Virus Swipes Data from Japan’s Space Agency
Viruses are not only on earth but we can find them even in the space:

“A computer virus infected a data terminal at Japan’s space agency, causing a leak of potentially sensitive information, officials announced today (Jan. 13). The Japan Aerospace Exploration Agency (JAXA) discovered the malware Jan. 6 on a terminal used by one of its employees. A trace showed that the computer virus had gathered information from the machine, officials said.”

http://www.securitynewsdaily.com/japan-space-agency-computer-virus–1495/

Share