Wednesday, November 9, 2011

Click-jacking

Attaching a nice presentation on the topic of Click-jacking.

http://elie.im/publication/busting-frame-busting-a-study-of-clickjacking-vulnerabilities-on-popular-sites

The presentation and site also describe a "mobile" version of Click-jacking named Tap-jacking,
and state the importance of addressing these threats on the mobile versions of sites (if a specific mobile version was even developed).

Thursday, November 3, 2011

Symantec uncovers Nitro attacks targeting chemical industry


Symantec has revealed yet another large-scale targeted cyber attack, this time designed primarily to steal information from chemical and defense companies.
The attack, which seems to be related to China, is part of a growing overall trend in the chemicals market of stealing intellectual property.
The discovery comes during a year in which many similar attacks have been uncovered, including Night Dragon, Shady RAT and Lurid, all apparently designed to covertly steal intellectual property from a range of organizations. 

Attached is the original Reuters link which first published the news along with a more detailed analysis of the attack.


Tuesday, November 1, 2011

Duqu vs. Stuxnet – more of the same?


Duqu, the newly discovered malware, has been named by many as a 'predecessor to Stuxnet', but in fact this piece of sneaky code has both resemblances to and differences from the notorious worm.

A variety of anti-malware researchers and firms recently reported that Duqu's structure, in terms of files and some internal logic, is almost identical to its alleged predecessor, which implies that close familiarity with the Stuxnet source code was needed to build it.
One of the firms even identified Duqu as a version of Stuxnet, and their automatic malware analysis determined it was Stuxnet itself.

On one hand, Duqu is signed with a legitimate digital certificate; Stuxnet did the same with a different certificate. Obviously, the certificate has been revoked upon discovery.
On the other hand, the purpose of Duqu is entirely different. Some of the uncovered features include keylogging, self-destruction that also removes many of its traces, transmitting collected data to a Command and Control server using encrypted files, and strange image files that are still under investigation.

Nonetheless, Duqu's level of sophistication is rare, and its raison d'être still remains unsolved.
Keep an eye on this one, as the story of Duqu's history is slowly revealed.