Tag Archive for spyware

Its the FMI’s Turn at Being Hacked

Within weeks of the World Bank’s story breaking about its computer systems being breached by hackers, Fox News has reported here that Cyber-Hackers have broken into the IMF computer system.

The International Monetary Fund (IMF) is an international organization that oversees the global financial system by following the macroeconomic policies of its member countries, in particular those with an impact on exchange rates and the balance of payments. It also offers financial and technical assistance to its members, making it an international lender of last resort. Its headquarters are located in Washington, D.C., USA.

The IMF of course absolutely denies that the event took place. The spyware discoveries came at a particularly sensitive time for the international bailout institution, which along with the World Bank is expected to play a central role in trying to combat global financial turmoil.

This is too much of a coincidence in my opinion. Any information taken by the attackers will likely be used as leverage to blackmail the institutions rather than being made public to embarass them.

In fact, the computer assaults on the World Bank and the IMF are only part of a rash of sensitive cyber-burglaries that even reached into the U.S. presidential campaign. Both London’s Financial Times and Newsweek recently reported that the computer network of the White House, and the Obama and McCain campaigns, were seriously breached.

The Pentagon claims the Chinese army has established units to develop viruses to attack enemy computer systems. Chinese hackers penetrated the Pentagon last year, in an attack that obtained e-mails from the system serving Defense Secretary Robert Gates.

Despite vigorous Chinese denials, “everyone in the intelligence community knows that China is the biggest player in cyber espionage,” says John Tkacik, a former head of China intelligence for the U.S. State Department. Tkacik told FOX News that later this month, President-elect Obama will be presented with a new top-secret National Intelligence Estimate (NIE) report that “will cause the scales to drop from his eyes” regarding Chinese cyber-espionage.

“What the Chinese are particularly interested in at the IMF is what loans the IMF is likely to give to other countries,” says Nick Day, a former British intelligence officer who runs Diligence, a private investigative firm that does extensive work for many international corporations and institutions.

“The geopolitics of this is that essentially you’ve got a few countries in the world that are stacked on huge foreign capital reserves — Russia, China, Japan, the Middle East — and the rest of us are pretty much borrowers to those lenders.


Worm Takes Advantage Of Microsoft Flaw

Just as I had predicted it would happen, there are already reports that a worm exploiting the hole in the “Server Service” has been seen in the wild. Microsoft released yesterday a critical “out-of-band” patch (MS08-067) release having known about the issue for a while.

Milw0rm, an exploit tracking Internet site has posted the exploit code required to overflow the stack. The code can be downloaded here.

Symantec is tracking an exploit “Bloodhound.Exploit.212”, via Bugtraq ID 31874 using this vulnerability, but they report it is still not widespread. Other reports points to a certain file “n2.exe” being downloaded to compromise computers, as McAfee has been tracking here.

The worm as already received several names including Gimmiv and Dropper. The guys over at Threat Expert Blog have a pretty detailed explanation of how the code works and what it does.

Both Symantec and McAfee said Friday that they had seen only a very small number of attacks based on this exploit, but Symantec says that, starting Thursday evening, they found a 25 percent jump in network scans looking for potentially vulnerable machines. That could be a sign that more attacks are coming.

It is not likely that large networks will have ports 139 and/or 445 open to the Internet and even most DSL/Cable modem router will not allow this kind of inbound traffic either, but I have no doubt this will cause a false sense of security among pseudo-system admins and as this worm evolves and becomes more sophisticated, it will transverse corporate perimeter firewall through malware and spyware and then spread within the network wreaking havoc.


The Swiss Army Knife for Your PC

Great article at Lifehacker on Windows maintenance tools that anyone wanting to run a healthy PC should have installed.

Apart from CCleaner, Revo Uninstaller, Auslogic Disk Defrag, and Spybot – Search & Destroy, I would also add some in case virus/malware/spyware removal is required. RootKitRevealer, Ad-Aware, ATF-Cleaner, Avenger, HijackThis and Trojan Remover.