WordPress Security Tips — For the untrained:
I was reading over at Malware Diaries about a hacker that doesn’t secure his exploits. What gets me is that I am so surprised that he did that; then I thought about it and I read what Trend Micro had to say about it:
Creating a website is indeed a big task but, considering the present threat landscape, monitoring it and keeping it secure from attacks is a bigger one.
Website administrators have the responsibility to keep their systems malware free, secure web server files from unauthorized access, and keep their website clean of malicious codes, for their own sake and most especially, their visitors’. [via Trend Micro blog]
- WordPress Security Scan – This is a great plugin that helps you identify issues and also suggests how you can fix them, to prevent a hacker from getting in in the first place.
Twitter and the Acai Berry Spammers
Well, according to Sophos, there seems to have been some hacking going on for the Acai Berry spam. Some of the messages were:
It seems to be a random http://random.CN domain, but we’ve talked about this in the past. Sophos isn’t sure how this happened, but I have a suspicion that it was a phishing attack done on Facebook users in recent weeks that has the hackers going to other social sites and trying those passwords.
If you have been compromised on Twitter and only use one password, you can bet all your other accounts have been compromised as well. You should change your passwords as soon as possible. You should also make sure in the future not to be tricked into giving out your password, which is called phishing, in which a site with a different URL is made to look like the Twitter, Facebook, or Myspace login page.
Offline Update 5.0, Clone of Autopatcher to Some!!
Offline Updater 5.0 was released a couple of months ago and I just realized it now. This is an excellent tool for IT professionals who want to keep all their systems up to date with the latest patches from Microsoft. The systems it supports are Windows 2000, Windows XP, Windows Server 2003, Windows Server 2003 x64, and Windows Vista / Server 2008 (32-bit and 64-bit updates).

Brace for Impact, Brace for Botnet! (Conficker Worm)
The worm that has infected 6% of personal computers is starting to build into something totally different. Some researchers are saying this has to happen soon. And I’ll quote:
In any case, today seems better than the day before and we think that growth of Downadup has been curbed. Disinfection of the worm remains a challenge.
[Via F-Secure]
“Why is it taking so long?” asked Huger. “That’s what we’re all asking.” He couldn’t recall an attack of this size with such a long lag time between the initial attacks and follow-on downloads of more malware to the hijacked systems.
[Via PCWorld]
Now, we know this exploit is being patched as quickly as possible in some areas of the industry, but that leaves the question: what isn’t being patched? I am guessing the next stage of this worm is to mutate into a new worm, much like the way it tries to communicate to download new software or instructions. I believe it will be using a newer exploit so that it can infect even more computers. I also think it will be a botnet, and so do others.
Spammers defy Bill Gates’ ‘Magic Solution’
Sophos published statistics and I thought I would talk about them here. Bill Gates promised to have a ‘Magic Solution’ 5 years ago. Sophos also provides a chart of the Dirty Dozen:
Sophos is also claiming that “US retains its crown as spam king”. I don’t think so, because of the other 32.4%. The US can’t be the main culprit for spam. So what was this ‘Magic Solution’ that they promised 5 years ago?
Microsoft has two techniques in mind for solving the spam issue, both based on the premise of changing the economics of email to place a greater burden on the sender.
[Via CBR]
Microsoft did have some good ideas, but they wouldn’t work right now because the first part of the ‘Magic Solution’ was to add a mathematical question to each and every email we send out. I know that this wasn’t going to work because hackers have already created systems to get around CAPTCHA verification.
Security Researchers warn of potential flaws in Windows
I read an article today from Techworld. I wanted to discuss this in detail. I also found some links that suggest that Techworld is right.
Andrew Storms, director of security operations at nCircle Network Security, speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November. [via Techworld]
According to my investigation, and I have been looking, I found a few SMB vulnerabilities. Two of them are CVE-2008-4835 and CVE-2008-4834. These two are capable of remote code execution and are considered very high on the impact list.
So did people find these exploits or vulnerabilities from the last MS08-067 patch? I would have to conclude it is a real possibility.
Although Microsoft did patch those holes this month, I have grown to wonder just how much these hackers are keeping the IT professionals on their toes. I hope people updated their systems to prevent another worm, because you don’t want a worm like Downadup, do you? I am sure there will be a worm or a virus that will exploit this in time, and I think sooner or later someone will use this just like the other one.
More Information on the downadup Worm
If you’re working to get rid of this Downadup worm, F-Secure is giving out a free removal tool to help with that task. F-Secure’s Worm:W32/Downadup.gen description talks about how bad this worm is.
Graham Cluley’s blog asked a question and got quite a few answers from users. The results of the poll: 53% believe the hackers are to blame, 30% think the system administrators are to blame, and 17% think Microsoft is to blame for this worm.
I have mixed feelings over who is to be blamed for this worm. I think the person who wrote this did it for a specific reason. We can’t expect any software we use to be 100% safe; even Macintosh is not 100% safe. Microsoft isn’t to be blamed because they tried to patch this as quickly as they could. I know that companies have a hard time keeping up with Microsoft updates, and they really can’t be blamed. I think hackers are always going to make a virus just because they can. That’s in their nature, and we will never really be rid of the virus or worm writers. They are in it for the money, to boast, to take control, or to steal sensitive information. With Windows being the alpha dog, people are always going to test the waters because of that.
Uncovering a Virus/Trojan
Getting done with the first part really got my juices flowing. I was shopping, looking, and thinking about this next article. I came up with only one option: turning this into a 3-5 length post due to all the content that I will have. So where did we leave off? Oh, that is right: figuring out if you have a virus/Trojan. 12 hours after I made a post about this, someone made a comment, and here is what he said:
I can’t wait to read part two of this article. I always wondered how you’d know you’re infected if a virus doesn’t want to be detected and no virus definitions are yet available, because the virus is so new.
Now, the truth is that anytime a virus does something, it usually leaves a footprint somewhere and somehow. Even the hardest working hacker can’t plan for all possibilities, and that is where we begin. I have been helping people for a while with viruses and know that no matter how hard the virus tries to hide, you can usually find it relatively quickly and easily with a virus check. Here are the ways I’ve used to figure out if they may or may not have a virus/Trojan.
What is a Virus and Why do I have one
After seeing more and more updates coming from the net, I wanted to talk about what a computer virus or Trojan is and how you get it. So how could you have gotten a virus in the first place? Here is some information to consider:
The vulnerability of operating systems to viruses
So what does that mean to you? Most of the time when you get a virus, you have a vulnerability somewhere in your operating system, and it is either something that is not yet known to Microsoft, Apple, and Linux, or is known as a zero-day exploit.
A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit unknown, undisclosed or patchfree computer application vulnerabilities. The term Zero Day is also used to describe unknown or Zero day viruses.
[Via Wikipedia]
This is one of the most used, because if the exploit is unknown to the operating system creators, then attackers have longer to use it. Most of the time hackers like to use this because that means there is a possibility of finding even more vectors to infect other systems. You see, if they can get on one system, they can then find ways to get on other systems.
Windows 7 will sport DirectX 10 Compliance!
The new feature is called WARP10, for “Windows Advanced Rasterization Platform,” and it’s essentially a DX10-compliant, software-only rasterizer that was written by Microsoft; it runs directly on the CPU. In a situation where a DX10 app needs to run but can’t find DX10-compliant hardware, it will run on WARP10, albeit very, very slowly. Ultimately, you can think of WARP10 as a “software DX10 GPU” that will exist as a fallback in Windows. [via Ars Technica]
Vista has a new Vulnerability!
According to Techworld.com, Vista has a new vulnerability that could let a hacker infect a Vista machine with a rootkit. The talk from them is quite intriguing. I will quote it to better let you know what the vulnerability is:
The vulnerability could allow a hacker to install a rootkit, a small piece of malicious software that is very difficult to detect and remove from a computer, Unterleitner said.
Phion notified Microsoft about the problem on 22 October. Microsoft indicated to Phion that it would issue a patch with Vista’s next service pack. Microsoft released a beta version of Vista’s second service pack to testers last month. Vista’s Service Pack 2 is due for release by June 2009.
[via Techworld.com]
The way they could do this is through the Device IO Control, which in turn could corrupt the kernel of Windows Vista. Now, we all know that Microsoft will release a patch quicker than 6 months away. According to this article, people are already looking for the exploit and want to know more about it. I would be willing to bet they will have a patch out sooner rather than later. Probably January or February, which will be a big deal because no one will expect it. I would also imagine hackers will start trying to figure out how they could install software as quickly as possible before Microsoft pushes out the patch. So what can you do to protect yourself? Get a firewall and an antivirus, and learn how to protect yourself from getting a computer virus.
What’s with Google trends?
I have been going to Google Trends and keeping watch. I am starting to wonder something. Take a look at this and you tell me.
Very simple: they’d watch what is trending and post accordingly. Now you as a reader would click on the website expecting to see what you want to see, but instead it would pop up with advertisements and maybe malware. Check these links to better understand it:
- Skype isn’t always safe!
- Some Important programs to prevent yourself from having viruses and Malware!!
Now, even though these are just a few, you can see how someone might want to abuse it and get their site up on Google Trends and be able to infect several to even millions of computers before Google sees that or stops it. You could in theory take over a website high in Google rankings and do exactly that.
Hot, sexy bot sweet-talks personal data out of chatters
Security software company PC Tools warns that the bot can easily be used for malicious purposes. The company said that the program’s ability to mimic human behavior to dupe chatters is worrisome, and could readily be used to collect all manner of information. “As a tool that can be used by hackers to conduct identity fraud, CyberLover demonstrates an unprecedented level of social engineering,” said PC Tools senior malware analyst Sergei Shevchenko in a statement. “CyberLover has been designed as a bot [robot] that lures victims automatically, without human intervention. If it’s spawned in multiple instances on multiple servers, the number of potential victims could be very substantial.”
[Via Ars Technica]
This is really a security issue here. Never give out your personal information online. I just want to post this to remind people not everything online is safe.
Trojan horse targets Mac OS X
A new trojan horse designed specifically for Mac OS X systems has been discovered on several pornography websites that can hijack Web traffic, according to security firm Intego. Affected systems are used to hijack some Web requests that lead users to other phishing sites, or simply display ads for other pornographic websites to generate ad revenue. Phishing attacks may lead users to believe they are surfing to eBay, Paypal, or various banks when in fact they are accessing specially-crafted mockups designed to retrieve usernames and passwords for those sites. The trojan, titled OSX.RSPlug.A, is rated as a critical risk by Intego, and is known to affect Mac OS X 10.4 Tiger as well as Mac OS X 10.5 Leopard. Intego is testing prior versions of Mac OS X, but believes them to be vulnerable as well.
The trojan claims to install a video codec necessary for viewing free pornographic videos on Macs, but when users click on the still images to view the content they are directed to a Web page stating that they must download a new version of a codec to play the movie file with QuickTime. Safari users who have checked the “Open ‘Safe’ Files After Downloading” option in General Preferences will find that the disk image which is downloaded to their Mac automatically mounts, and the installer application will automatically launch.
MPAA hacker interview
Wired has an interview with Robert Anderson, a hacker-for-hire who went to work for the MPAA, illegally breaking into BitTorrent trackers and snooping on their email:
According to Anderson, the MPAA told him: “We would need somebody like you. We would give you a nice paying job, a house, a car, anything you needed…. if you save Hollywood for us you can become rich and powerful…” But once Anderson turned over the data and cashed the MPAA’s check, he quickly realized that Garfield had no further use for him. “He lost interest in me,” he says. Anderson felt abandoned: During negotiations with Garfield, the hacker had become convinced he was starting a long-term, lucrative relationship with the motion picture industry. “He was stringing me along personally.”
Hollywood’s cold shoulder put Anderson’s allegiance back up for grabs, and about a year later he came clean with TorrentSpy’s Bunnell in an online chat. “‘I sold you out to the MPAA,’” Anderson says he told Bunnell. “I felt guilty (for) what happened and I kinda also thought at that point the MPAA wasn’t going to do anything.”
I thought people would like to read the interview also!! Enjoy
Teenager claims to have easy iPod Touch jailbreak
A 13-year-old hacker claims to have developed code that would let you put third-party applications on an iPod Touch without having to take a computer science class. AriX sent us a press release Sunday promoting iJailbreak, an automated program that allows third-party applications to run on the iPod Touch. It doesn’t work for the iPhone, and it’s only available for iPod Touch owners that are using Intel-based Macs. I don’t have an iPod Touch at my disposal right now, so I’m unable to test whether it actually works, but some users on MacRumors.com reported that it worked.
Ever since Apple released the 1.1.1 software update for both the iPhone and the iPod Touch in late September that broke older third-party application installers, hackers have been hard at work searching for a new way to bypass the restrictions. A preliminary jailbreaking application was released last week, but it required a great deal of expertise to get up and running. Erica Sadun, a writer for The Unofficial Apple Weblog, installed that iPod Touch jailbreak Friday evening but warned, “This is not ready for prime time, kids. Don’t do this at home.”













