??????????? Linux ? GHOST ????CVE-2015-0235?
GHOST 脆弱性は Shellshock や Heartbleed といった脆弱性と同じくらい深刻に見えますが、その影響はいくつかの要因によって緩和されます。
Read More
GHOST 脆弱性は Shellshock や Heartbleed といった脆弱性と同じくらい深刻に見えますが、その影響はいくつかの要因によって緩和されます。
Read More
On October 27, while tracking exploit kits (EKs) and infected domains, Symantec discovered that the popular music news and reviews website spin.com was redirecting visitors to the Rig exploit kit. This exploit kit was discovered earlier this year and is known to be the successor of another once popular EK, Redkit. The Rig EK takes advantage of vulnerabilities in Internet Explorer, Java, Adobe Flash, and Silverlight and was also one of the EKs associated with the askmen.com compromise back in June.
At the time of writing, the spin.com website was no longer compromised. However, spin.com is a popular site in the US, according to Alexa, so the attackers could have potentially infected a substantial amount of users’ computers with malware during the time the site was compromised. The number of potential victims could grow substantially depending on the length of time the website was redirecting visitors to the EK prior to our discovery. Our data shows that the attack campaign mainly affected spin.com visitors located in the US.
Figure 1. Symantec telemetry shows visitors based in the US were most affected by spin.com compromise
How the attack worked
The attackers injected an iframe into the spin.com website, which redirected users to the highly obfuscated landing page of the Rig EK.
Figure 2. Injected iframe on compromised spin.com website
When the user arrives on the landing page, the Rig EK checks the user’s computer for driver files associated with particular security software products. To avoid detection, the EK avoids dropping any exploits if the security software driver files are present.
Figure 3. Rig EK searches for driver files used by security software products
The EK then looks for particular installed plugins and will attempt to exploit them accordingly. In the recent compromise, the Rig EK took advantage of the following vulnerabilities:
Upon successfully exploiting any of these vulnerabilities, a XOR-encrypted payload is downloaded onto the user’s computer. The Rig EK may then drop a range of malicious payloads such as downloaders and information stealers including banking Trojan Infostealer.Dyranges, and the infamous Trojan.Zbot (Zeus).
Symantec protection
Symantec has detections in place to protect against the Rig EK and the vulnerabilities exploited by it, so customers with updated intrusion prevention and antivirus signatures were protected against this attack. Users should also ensure that they update their software regularly to prevent attackers from exploiting known vulnerabilities. Symantec provides the following comprehensive protection to help users stay protected against the Rig EK and the malware delivered by it in this recent website compromise:
Intrusion prevention
Antivirus
Two of the flaws are critical, but are they as serious as Heartbleed?
Read more…
悪用コードや、侵害を受けた Web サイトからダウンロードされたファイルを介して拡散している情報盗難型のマルウェアファミリーによって、日本のオンラインバンキング利用者が狙われています。
Online banking customers in Japan are being targeted by an information stealing malware family that is distributed using exploits as well through files downloaded from a compromised website.
Read more…
This blog post is based on the new Symantec Website Security Solutions free white paper, The Power to Destroy: How Malware Works which pulls together statistics from across Symantec’s global security network. The white paper is available in Frenc…
For anyone intent on finding out exactly what the worldwide impact of cybercrime is now – and the price we are all paying as it penetrates every corner of the global markets – there can be no better starting point than the 2013 Norton Cybercrime Report[1].
The findings are both eye-opening and deeply concerning. According to the report, some 1 million-plus adults become cybercrime victims every single day and, if you break that down, it equates to a staggering 12 victims per second.
This annual report, commissioned by Symantec[2], is focused on understanding exactly how cybercrime affects consumers (more than 13,000 adults across 24 countries took part in the 2013 survey) and how the adoption and evolution of new technologies impacts their overall security.
And what an impact that turns out to be, with the global price tag of consumer cybercrime now topping US$113 billion annually – enough to host the 2012 London Olympics nearly 10 times over – while the cost per cybercrime victim has shot up to USD$298: a 50% increase over 2012. In terms of the number of victims of such attacks, that’s 378 million per year – averaging 1 million plus per day.[3] Speaking of the Olympics: BT security chief executive officer Mark Hughes, in a presentation at the recent RSA conference, said that no (successful) cyber-attack had occurred during the Games. Quite an achievement, considering BT dealt with over 212 million cyber-attacks on the official website during last year’s Olympic and Paralympic Games.
PAYING THE PRICE
According to the report, 83% of direct financial costs are a result of fraud, repairs, theft and loss. Equally worrying is how deeply cybercrime is etching its mark across each and every continent.
In North America, the percentage hit by these attacks was 63% in the USA (at a cost of US$38 bn), while, in Canada, it was even higher, at 68% (cost: US$3 bn)
In Central America-Latin America (CALA), the figures were no less alarming: Brazil 60% (cost: US$8 bn); Mexico 71(US$3 bn); and Colombia 64% (US$0.5 bn)
In the Middle East, the worst affected countries were Saudi Arabia (62% – US$0.5 bn) and the UAE (71% – US$0.3 bn).
THE VICTIMS
What makes this even more concerning is that, as our channels and means of communication expand, cybercrime is seizing on the opportunity, spreading across the world with the speed and ferocity of a pandemic. Well over a third (38%) of those surveyed have experienced mobile cybercrime in the past 12 months, the main victims being:
Half (50%) of all online adults have been victims of cybercrime and/or negative online situations in the past year, the report confirms, while 41% have fallen victim to attacks such as malware, viruses, hacking, scams, fraud and theft.
PUBLIC/UNSECURED WI-FI
As far as public/unsecured Wi-Fi is concerned, the statistics relating to potentially risky behaviour are particularly disturbing:
The cybercriminals must be equally encouraged at the response to their full-on assaults when it comes to mobile devices – because the 2013 Norton Cybercrime Report also reveals that nearly a half of respondents don’t use basic precautions, such as passwords, security software or back-up files.
On the plus side, when it comes to their PCs:
However, that still means more than a quarter DON’T appear to have any antivirus protection at all, while almost a quarter DO store sensitive files on line.
CONVENIENCE OVER SAFETY
Why is safety on line treated so indifferently by so many people? According to the 2013 Norton Cybercrime Report: “Many consumers are making a conscious decision to trade their safety for convenience; many more are unaware that they’re making the same trade.”
What the report highlights most of all is that the need to stay safe at all times has never been greater. Moreover, ‘constantly connected, doesn’t have to equal ‘constantly at risk’, it points out. The tools and solutions are readily to hand to ensure that you are always protected. And here are some ‘Top Tips’ from the report on how to defend your data:
Failing to ensure this means the cybercriminals will only go from strength to strength, leaving an ever greater trail of destruction in their wake. And even more victims.
For more information on how to stay safe and secure online, visit https://www.staysecureonline.com/
[1] 2013 Norton Cybercrime Report: go.symantec.com/norton-report-2013 (Direct link to PPT of the report)
[2] Research conducted Edelman Berland.
[3] Online adults per country x % cybercrime victims past 12 months per country = 377,943,431 (sum of 24 countries).
This post is based on the new vulnerability gap white paper compiled by Symantec Website Security Solutions
Malware infection is one of the fastest emerging security threats for websites. More than 24% of websites are vulnerable to malware, while a lar…
スマートホームに対するハッキングが実に簡単であることを、フォーブス誌のカシミール・ヒル(Kashmir Hill)記者が報じています。記事によると、「Google でごく単純な言葉を検索するだけ」で、ある有名企業のオートメーションシステムを備えた住宅のリストが表示されたといいます。「(オートメーション)システムは、検索エンジンでクロールされていた」とヒル記者は書いています。現在は停止していますが、それまでのシステムはユーザー名やパスワードを設定しなかったため、検索エンジンの結果をクリックすれば、システムを完全に制御できてしまいました。記者はオンラインで発見した住宅のうち 2 軒に連絡し、許可を得たうえで照明の点灯と消灯が可能であることを実演しています。また、住宅にある各種の機器も制御できたということです。これは、ホームオートメーションシステムに潜むセキュリティ上の問題の一例にすぎません。
ホームオートメーションとは、照明、暖房、ドアや窓の施錠、監視カメラなどを自動化するシステムです。比較的新しいシステムですが、市場は急成長しており、米国だけでも 150 億ドルに達します。ただ、どのような新技術でも同じですが、潜在的なセキュリティリスクは避けがたいものです。
ホームオートメーションシステムのセキュリティ脆弱性については、Black Hat 2013 セキュリティカンファレンスでセキュリティ研究者が個別に 2 つのプレゼンテーションを行う予定です。1 つは、プロプライエタリな無線プロトコルの Z-Wave における脆弱性についてのプレゼンテーションです。Z-Wave は、ホームオートメーションの制御パネル、セキュリティセンサー、防犯システムなどの組み込みデバイスで幅広く利用されています。これには欠陥があり、暗号化された Z-Wave デバイスの通信を傍受すると、他の Z-Wave デバイスを無効にすることができてしまいます。「Home Invasion 2.0」と題された、もうひとつのプレゼンテーションは、いくつかの人気ホームオートメーションシステムで判明した脆弱性に関するものです。「約 10 種類の製品を調査しましたが、侵入を果たせなかったのは 1 つか 2 つで、大部分は何のセキュリティ対策も講じられていませんでした」と SpiderLabs のダニエル・クローリー(Daniel Crowley)氏は述べています。多くの機器では、アプリをモバイルデバイスにダウンロードし、それを使ってリモートでオートメーションシステムを制御できるようになっています。システムの多くは、モバイルデバイスとホームシステムの間で通信するときに何の認証も使われていないため、悪質な攻撃者による制御を許してしまうことがわかったと研究者は指摘しています。
米国の住宅におけるホームオートメーションシステムの普及率はまだ 3% 程度ですが、この数字は増加する傾向にあり、一部のアナリストによれば今後数年間に倍増するという予測もあります。
新旧を問わず技術の導入を急ぐときには、その技術に伴うセキュリティがともすると軽視されがちです。今回のケースのように脆弱性が露見することで、堅固なセキュリティの重要性が再認識されることを期待します。
* 日本語版セキュリティレスポンスブログの RSS フィードを購読するには、http://www.symantec.com/connect/ja/item-feeds/blog/2261/feed/all/ja にアクセスしてください。
Kashmir Hill, a reporter for Forbes, found out just how easy it is to hack a smart home. By “Googling a very simple phrase,” Hill was presented with a list of homes with automation systems from a well-known company. “[The] systems ha…