VOLUME 19 | ISSUE 19 | 21 March 2013

Article of the Month
Botnet

To an avid IT security connoisseur, the recent news of mass cyber-attacks using "bots and zombies" would not be alarming. It would not make this enthusiast think, even for a moment, that the computer world has been overtaken by the living dead or, better yet, alien forces; only one thing would come to mind: "Botnets".
Botnet, according to Google, is a collection of Internet-connected programs communicating with other similar programs in order to perform tasks (Google, retrieved 2013, March 9 from http://en.wikipedia.org/wiki/Botnet). The term bot is derived from "robot". Bot is a generic term used to describe a script or set of scripts designed to perform predefined functions in an automated fashion (SANS, retrieved 2013, March 9 from malicious/bots-botnet-overview_1299).

Because of their network-based, coordinated and controlled nature, botnets are currently one of the most dangerous species of attacks that roam the Internet. Deriving their power both from their cumulative bandwidth and from their access capabilities, botnets can cause severe network outages through massive distributed denial-of-service attacks (retrieved 2013, March 9 from http://cdn.intechopen.com/pdfs/39021/InTech-Botnet_detection_enhancing_analysis_by_using_data_mining_techniques.pdf).

Because of their distributed architecture, and their propagating, self-organizing and autonomous framework under a command and control (C2 or C&C) infrastructure, botnets are quite different from other types of known malware. They can spread over millions and millions of computers in the same way worms do. However, what makes them even more dangerous is that, unlike worms, zombie nodes in a single botnet can work in co-operation while being managed from a single "hive-like" mentality.

Because of this, botnets cannot be classified into the standard groups of threats as we do for other malware. From the many works that try to summarize the taxonomy of botnets, we can understand that the main classification criteria are the topology of the C&C architecture used, the propagation mechanism, the exploitation strategy and the set of commands available to the perpetrator (retrieved 2013, March 9 from http://cdn.intechopen.com/pdfs/39021/InTech-Botnet_detection_enhancing_analysis_by_using_data_mining_techniques.pdf).

The creation of a botnet requires a high level of planning, coordination and deep technical skill. A good, functional botnet can be characterized as a professionally designed and built tool, intended to be rented or sold for use by anyone with a novice skill set on up (The Hacker News, retrieved 2013, March 11 from http://news.thehackernews.com/THN-August2012.pdf).
However, the elements used for the infection and subsequent hijacking of a computer into a botnet are only three:

1. Used to infect the computers by tricking users into clicking an executable file. This can be done in a variety of ways such as drive-by infections, malicious PDFs and infected USB sticks.

2. Used to enable the cyber-criminal to issue instructions to the infected computer's Trojan.

3. Used for the collection of information harvested from victims.

(ComputerWeekly.com, retrieved 2013, March 10 from http://www.computerweekly.com/feature/Setting-up-a-botnet-is-easier-than-you-think)
Besides being used to perform the normal set of attacks (spamming, malware spreading, sensitive information leakage, identity fraud, click fraud), this ingenious technique is a very valuable instrument in carrying out Advanced Persistent Threats (APT) against critical organizations. Nevertheless, the most famous, and yet very dangerous, threat posed by the use of botnets is the "Denial of Service" (DoS) attack. This can be made much more severe by ensuring that the targeted organization's network bandwidth is consumed from a wide range of IP addresses, i.e. a distributed environment (DDoS), where the victim's system/network administrator would not be able to isolate the source IP addresses used in the attack, i.e. to add them to the blacklist, as the traffic would seem to come from regular end-users. Even though evidence reveals that the attacks most commonly implemented by botnets are TCP SYN and UDP flooding attacks (Freiling, Holz, & Wicherski, 2005), the newest botnets are designed in such a way as to make discovering and eliminating the source of control even more difficult. Instead of using the traditional command and control, server-centric model (such as an IRC server), the new botnet is said to utilize the peer-to-peer protocol that has been popularized on the Internet by the many file sharing applications found on many platforms. Using peer-to-peer, or p2p, it is no longer necessary to send commands from a physical server location. The Internet Protocol address, or IP, is dynamic (meaning constantly changing). The benefit of this is that it is much more difficult to trace back to the source (The Hacker News, retrieved 2013, March 11 from http://news.thehackernews.com/THN-August2012.pdf).
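The following is an added example, not code from the newsletter or from any of the sources it cites. It shows, from the defender's side, the detection problem the paragraph describes: a TCP SYN or UDP flood that arrives from a wide range of source addresses, so that no single address stands out for blacklisting. The Flow record, the detect_floods function and its thresholds are assumptions made for this illustration, and the flow records are constructed inline; the script also shows that one loud source is deliberately not flagged by the distributed check, since that case is handled by an ordinary per-address block.

```python
"""Distributed-flood detection over flow records (added example).

Not code from the newsletter or its cited sources. Assumes a simplified
NetFlow-like record (constructed below) and flags a destination when, in one
time window, SYN-only TCP flows (handshake never completed) or UDP packets
arrive from many distinct sources.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: int        # start time, seconds since epoch (constructed values)
    src: str       # source address
    dst: str       # destination address
    dport: int     # destination port
    proto: str     # "tcp" or "udp"
    flags: str     # TCP flag letters seen in the flow ("S", "SPA", ...); "" for UDP
    packets: int   # packets in the flow


def detect_floods(flows, window=60, min_sources=50,
                  min_syn_ratio=0.9, min_udp_packets=500):
    """Return a list of alert dicts, one per (destination, protocol, window).

    TCP: alert when SYN-only flows come from at least min_sources distinct
    addresses and make up at least min_syn_ratio of the TCP flows seen.
    UDP: alert when at least min_sources distinct addresses together send
    at least min_udp_packets packets.
    A single noisy source never trips either rule: that is the easy case
    (block one address), not the distributed case the thresholds target.
    """
    buckets = defaultdict(list)
    for f in flows:
        buckets[(f.dst, f.proto, f.ts // window)].append(f)

    alerts = []
    for (dst, proto, bucket), fl in sorted(buckets.items()):
        window_start = bucket * window
        if proto == "tcp":
            syn_only = [f for f in fl if f.flags == "S"]
            syn_sources = {f.src for f in syn_only}
            ratio = len(syn_only) / len(fl)
            if len(syn_sources) >= min_sources and ratio >= min_syn_ratio:
                alerts.append({"dst": dst, "kind": "tcp-syn-flood",
                               "sources": len(syn_sources),
                               "syn_ratio": round(ratio, 2),
                               "window_start": window_start})
        elif proto == "udp":
            sources = {f.src for f in fl}
            packets = sum(f.packets for f in fl)
            if len(sources) >= min_sources and packets >= min_udp_packets:
                alerts.append({"dst": dst, "kind": "udp-flood",
                               "sources": len(sources), "packets": packets,
                               "window_start": window_start})
    return alerts


def sample_flows():
    """Constructed records: one SYN flood, one UDP flood, and normal traffic."""
    base = 1_363_000_020  # constructed timestamp, divisible by the 60 s window
    flows = []
    # 60 distinct sources, each opening one never-completed connection to a web server
    for i in range(60):
        flows.append(Flow(base + i % 30, f"198.51.100.{i + 1}", "203.0.113.10", 80, "tcp", "S", 1))
    # 5 ordinary completed connections to the same web server
    for i in range(5):
        flows.append(Flow(base + i, f"192.0.2.{i + 1}", "203.0.113.10", 80, "tcp", "SPA", 12))
    # 80 distinct sources each sending 10 UDP packets to a DNS server
    for i in range(80):
        flows.append(Flow(base + i % 20, f"198.51.100.{100 + i}", "203.0.113.53", 53, "udp", "", 10))
    # a quiet mail server: three completed sessions and one refused connection
    for i in range(3):
        flows.append(Flow(base + i, f"192.0.2.{i + 10}", "203.0.113.25", 25, "tcp", "SPA", 8))
    flows.append(Flow(base + 4, "192.0.2.40", "203.0.113.25", 25, "tcp", "S", 1))
    # one single source hammering another server with SYNs: loud, but not distributed
    for i in range(70):
        flows.append(Flow(base + i % 30, "192.0.2.99", "203.0.113.26", 25, "tcp", "S", 1))
    return flows


if __name__ == "__main__":
    for alert in detect_floods(sample_flows()):
        print(alert)
```

Run as a script it prints two alerts, one for the web server (60 sources, SYN ratio 0.92) and one for the DNS server (80 sources, 800 packets); the mail server with a single refused connection and the host hit by one chatty address produce nothing. On real data the thresholds would be tuned to the baseline of the monitored network.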
In 2007 this new kind of botnet arrived using an encrypted implementation that was based on the eDonkey protocol, originally called W32/Nuwar but later gaining fame as the Storm worm.

Storm had about 100 peers hardcoded into it as hash values, which the malware decrypts and uses to check for new files to download (McAfee, retrieved 2013, March 11 from http://www.mcafee.com/in/resources/white-papers/wp-new-era-of-botnets.pdf).

What made this even more interesting is that all these transactions were encrypted, so only the malware itself could decrypt and act upon the answers. The replies generally led to URLs that download other binaries. Storm was responsible for the vast majority of spam during 2007-2008 until it was taken down.

Initially, bots had run almost exclusively on versions of Windows. Recently, though, localized versions have emerged. Using the scripting language Perl, hackers created versions that ran on several flavors of Unix and Linux (McAfee, retrieved 2013, March 11).
Due to the "open" format of the later platforms, and the boom in Android applications and packages, new impetus has been injected into the use of botnets. As this new market has few restrictions when it comes to registering as a developer (a choice made to encourage app developers to adopt the platform), it is easier for cybercriminals to upload their malicious apps or Trojanized counterparts. Concepts such as BYOD, implemented in many blue-chip organizations, have allowed the introduction of many mobile devices running the Android operating system. By this, the attack surface has been considerably increased. The attack vector has been made greater as mobiles are simpler to infect through any infected media (The Hacker News, retrieved 2013, March 11 from http://news.thehackernews.com/THN-August2012.pdf).
With the recent trends in cyber-warfare it will not be long before botnets are purchased or rented on the black market, or, even worse, forcibly taken over from their nefarious owners and redirected to new targets. We know these things occur regularly, so it would be naive not to expect that government organizations or nation states around the globe have involved themselves in the acquisition of botnet capability for offensive and counter-offensive needs (McAfee, retrieved 2013, March 11 from http://www.mcafee.com/in/resources/white-papers/wp-new-era-of-botnets.pdf).
As cyber threats grow exponentially with new forms of attack vectors, security professionals need to be on guard and try to think out of the box in order not only to detect potential attacks, but to thwart them as well. It can also be noted that time-tested strategies such as defence in depth, layering of technologies, etc. would not be sufficient to prevent this threat. Conversely, these may in fact give the potential perpetrator more attack vectors through which to perpetrate the crime. The best approach, I feel, is an easy one: just to ensure that our own curiosity doesn't take us to places where our computer would rather not go. Otherwise we may just be the reason why botnets are able to grow at such an alarming rate.
Kumar is on the Board of Directors of the ISACA Sri Lanka Chapter, serving as the Marketing Director. Kumar works as an Information Systems Auditor at SJMS Associates, an esteemed firm of Chartered Accountants backed by Deloitte Touche Tohmatsu.
Around the World
10 security best practice guidelines for consumers

'....Consumers need to proceed with extra caution to avoid scams, viruses, social engineering attempts, privacy-leaking apps, and malicious software of every flavor. These guidelines will keep you on the straight and narrow......'
Hackers also attack Czech mobile operators' websites

'....Earlier today, unknown hackers attacked the website of the Prague Public Transit Company (DPP) alongside the websites of T-Mobile and O2, two Czech mobile phone operators.

It is the latest attack in what appears to be an organized and massive DDoS campaign against major Czech Internet websites over the past four days, between Monday 4 and Thursday 7 March, 2013......'
International network of on-line card fraudsters dismantled

'....Finnish law enforcement authorities, working closely with the European Cybercrime Centre (EC3) at Europol, have dismantled an Asian criminal network responsible for illegal internet transactions and purchasing of airline tickets.

As a result of this successful operation, two members of the criminal gang, traveling on false documents, were arrested at Helsinki airport. In addition, around 15 000 compromised credit card numbers were found on the criminals' seized computers.

The criminal network had been misusing credit card details stolen from cardholders worldwide. In Europe alone, over 70 000 euros in losses were sustained by cardholders and banks. In addition, there is evidence of further criminal activities in large-scale international payment fraud and illegal immigration.

Coordinated investigative measures on an EU level, international operational meetings, forensic examination of seized electronic evidence and the valuable support from the financial services industry were key to the successful outcome of this investigation......'
Pakistan Intelligence agency hacked by Indian hacker

'....A hacker going by the name "Godzilla" today claimed to have hacked into one of the servers belonging to the ISI website (http://isi.org.pk) and got all possible secret information about Pakistan Intelligence......'
Month in Brief

Facebook Incidents Reported to Sri Lanka CERT|CC in February 2013 (chart; categories: Fake + Harassment, Hacked, Abuse, Other)

Genderwise Statistics - Sri Lanka CERT|CC (chart)

Alerts
Baltimore man, 81, loses his home following lottery fraud

'....The first caller told Norman Breidenbaugh he had won $2.5 million in a foreign sweepstakes, but there was a catch: Breidenbaugh needed to send $2,000 in fees before collecting his earnings.

Other calls followed, promising Breidenbaugh millions more, even a Mercedes Benz, as long as he would wire some money to pay taxes on the prizes. He obliged, sending more than $400,000 over about six years, hoping the promised winnings would cover his wife's medical expenses.

The prizes never came. The people calling Breidenbaugh, 81, were con artists from Canada and Jamaica, claiming they were Border Patrol or Secret Service agents, a fraud scheme that has increasingly targeted elderly people. Breidenbaugh fell behind on property taxes and last year lost his Baltimore home......'
Privacy of millions of HTC devices at risk

'....More than 18 million smartphones and other mobile devices made by HTC are at risk, vulnerable to many security and privacy issues.

The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install software that could steal personal information......'
Notice Board

Training and Awareness Programmes - March 2013

Date  | Event                                                                                                                                              | Venue
01-06 | Development of education e-content for e-thaksalawa, Grade 10-11                                                                                   | Education Leadership Development Center, Meepe
03    | Safe Use of Internet awareness session                                                                                                             | Gurulugomi Vidyalaya, Kalutara
21-25 | 1. Training for the newly selected teachers for the education content development for e-thaksalawa; 2. e-thaksalawa content development (questions) workshop | Education Leadership Development Center, Meepe