Archive for January 12th, 2008

Cross Site Printing for Spamming

January 12th, 2008 by Jake Soriano (Technical Communications)

Spammers may have found another avenue for troubling Internet users. According to security researcher Adam Weaver, network printers could be hijacked and used by spammers to distribute whatever unwanted information they intend to give out.

A little-known facility in Web browsers, which Weaver calls “cross site printing”, can be used by a malicious user to launch a print job on a printer on an affected user’s network. All it takes is a visit to a malicious Web page, and the spamming activities through network printers could commence.

Besides printing annoying messages, the malicious Web site is seen as capable of issuing potentially more dangerous commands, such as sending fax messages if the device is available, formatting a printer’s hard drive, or downloading firmware.

Just an iframe added to a Web site could set off a network printer to start printing remotely, Weaver adds. Only network printers would be vulnerable to spamming through this means; printers plugged directly into a PC would not be at risk.

This discovery would be unprecedented, as an attack such as this has never been demonstrated before. Researchers agree that this could very well increase possible attacks using local area connections.

The solution to this problem lies in both browser and printer security. Mozilla, for instance, blocks ports that are linked to known system vulnerabilities. However, many ports are still left open. Weaver, at the end of his paper, offers some valuable tips for keeping network printers secure: administrator passwords should be set on printers, and access to them should be restricted so that the printer accepts only print jobs from a centralized print server.
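One way a print server or network monitor could apply the advice above, as an added example rather than code from Weaver's paper or this blog: it flags raw print connections that do not come from the central print server, and jobs whose first bytes are an HTTP request, which is the only thing a browser-triggered job can start with. The raw printing port 9100, the print server address and the sample jobs are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the article): printers accept raw jobs on TCP 9100 and
# the approved print server is 10.0.0.5. All sample data below is constructed.
RAW_PRINT_PORT = 9100
PRINT_SERVER = "10.0.0.5"

# A browser can only speak HTTP, so a job it triggers starts with a request line.
REQUEST_LINE = re.compile(rb"^(GET|POST|HEAD|PUT|OPTIONS) \S+ HTTP/1\.[01]\r?\n")
BROWSER_HEADERS = (b"user-agent:", b"referer:", b"origin:", b"host:")


def looks_browser_originated(payload):
    """True when the first bytes of a raw print job are an HTTP request."""
    head = payload[:2048]
    if not REQUEST_LINE.match(head):
        return False
    lowered = head.lower()
    return any(h in lowered for h in BROWSER_HEADERS)


def review_job(src_ip, dst_port, payload):
    """Return the list of findings for one connection to a printer."""
    findings = []
    if dst_port != RAW_PRINT_PORT:
        return findings  # not a raw print connection, out of scope here
    if src_ip != PRINT_SERVER:
        findings.append("source-not-print-server")
    if looks_browser_originated(payload):
        findings.append("http-request-as-print-job")
    return findings


# Constructed samples: (source IP, destination port, first bytes of the job)
SAMPLES = [
    ("10.0.0.5", 9100, b"\x1b%-12345X@PJL JOB NAME=\"report\"\r\n"),
    ("10.0.0.77", 9100, b"POST / HTTP/1.1\r\nHost: 10.0.0.20:9100\r\n"
                        b"User-Agent: Mozilla/5.0\r\n"
                        b"Referer: http://example.test/\r\n\r\nhello"),
    ("10.0.0.78", 9100, b"%!PS-Adobe-3.0\n"),
]

if __name__ == "__main__":
    for src, port, data in SAMPLES:
        print(src, review_job(src, port, data))
```

The first finding corresponds to the access restriction Weaver recommends; the second catches a job that reached the printer anyway and would otherwise show up only as a page of printed HTTP headers.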

Xbox Live Accounts Hacked

January 12th, 2008 by Arman Capili (Technical Communications)

The online gaming industry suffered another security setback as Microsoft’s popular online gaming service, Xbox Live, was reported to have experienced a high-profile hacking incident.

On 29 December 2007, Halo 3 star gamer Colin Fogel found himself logged out of his Xbox Live account one minute, then completely barred from it the next. According to Fogel, this is the third time he fell victim to a hacking incident, considering his popularity in the gaming industry.

He rose to fame after showcasing how a Halo 3 player can shoot and kill himself using his own sniper rifle. He was awarded a special piece of in-game Recon armor by Bungie Studios, makers of Halo 3.

As lucrative as it may seem, there’s more than Fogel’s prized Recon armor that can be hoarded from his account. Xbox Live accounts typically contain critical user information such as credit card numbers, MSN and Hotmail credentials, and home addresses. This is reminiscent of previous online game thefts, usually targeted at avid gamers, that looted precious gaming data with an equivalent monetary value.

While other online games are plagued with malware and spyware info-stealers, Xbox Live seems to be more vulnerable to the social engineering tactics of hackers, and they take pride in bragging about it in online forums. These hackers take the guise of legitimate Xbox Live users and manage to solicit information from support employees. Now, that’s one gaping hole Microsoft has to plug soon.

Fresh from the frenzy of determining which gaming console topped the holiday sales, Microsoft and other manufacturers should start focusing on this kind of security issue. The multi-billion dollar gaming industry may soon find its followers losing out not only in the virtual world, but being bled financially as well.

Fake RootkitBuster Busted!

January 12th, 2008 by JM Hipolito (Technical Communications)

A URL link to a Trojan posing as a copy of the Trend Micro RootkitBuster is currently being spammed in the wild.

It was found that the email containing the said malicious URL is being spammed to members registered to certain freeware download domains, such as www.bestfreewaredownload.com and betterwindowssoftware.com. This hacked version of RootkitBuster is apparently used to gather email addresses from its users.

It is now detected as TROJ_FAKEBUSTR.A. It displays a fake GUI (Graphical User Interface) of the Trend Micro RootkitBuster as shown below:

Fake GUI

This Trojan then displays the following window to prompt target users to activate the “product” and its updates through registration of their names and email addresses:

TROJ_FAKEBUSTR.A

The data entered by unknowing users is then sent to a remote malicious user, possibly using the gathered addresses to spam the same Trojan to more users or for other more malicious activities.

The real RootkitBuster can be downloaded for free directly from the Trend Micro Web site. It is not spammed and it does not ask for any information from the user when it is downloaded.

Security vendor Prevx has also found their product used in a similar scheme when a hacked copy of their ComputerSecurityInvestigator was discovered to be available for download at CNET’s Download.com.

Downloading anything (yes, even security applications) should always be done with caution, lest your computer go bust courtesy of these fakes.

Thank you to Prevx for all their help in this case.

Additional information provided by Senior Threat Engineer Millette Regulacio

