Clear Belief Systems Blog » Hackers

Adobe PDF’s Account for 80% of Malware Exploits According to One Research Firm

Don Fosen — Mon, 15 Feb 2010 19:31:53 +0000

Adobe has had a lot of issues with the PDF document format and Reader software. Hackers are using PDF’s as a way to deliver malware to PC’s across the world (see my post from January 8th). Now according to one firm, ScanSafe located in San Bruno California, 80% percent of the exploits by the end of 2009 were PDF based. It is extremely important that you keep your anti-virus software up to date to block these attacks. Also, if you are not running Adobe Reader 9, go to Adobe’s site and install it right away. While you are there, install the latest version of Flash, it is something else that is frequently the vector for attacks. Adobe is not great about updating their software, they don’t particularly seem to care that it is being used in this way so it is a great idea to be very careful about what PDF files you open.

Additional Information:
ScanSafe report (registration required)
ComputerWorld Article
Foxit PDF Reader (free safer PDF reader software)
New Adobe Reader and Acrobat Vulnerability
Large-scale attacks exploit unpatched PDF bug
Adobe probes new in-the-wild PDF bug

A Lesson In Simple Passwords

Don Fosen — Thu, 21 Jan 2010 17:37:45 +0000

A company recently did an analysis of 32 millions passwords that were published on the Internet from a breach at RockYou.com. This was a very rare opportunity to look at the passwords people select using a large set of data. The results? 20% of the 32 million password created were from a very small pool of 5000 words. This is problematic because hackers frequently use tools that conduct multiple logins using a dictionary of common words. This software can run through thousands of passwords a minute and find accounts it can access. The hackers then exploit these accounts or sell them to other criminals.

Your best bet? Use passwords that contain mixed case, letters and numbers, and throw in a special character now and then. Don’t use your birthday or your family names, including your pets. And whatever you do, don’t use “123456″ – the most common of the common passwords.

Additional Information:
Simple Passwords Remain Popular
Analysis of 32 million passwords

IE Exploit Used in Google Attacks

Don Fosen — Wed, 20 Jan 2010 20:26:30 +0000

A bug in Internet Explorer was used by what appears to be Chinese government sponsored hackers to access the email accounts of Chinese dissidents. Microsoft has stated that this problem exists mainly in Internet Explorer 6 but there is some question in the industry about how this issue affects the more recent iterations of IE. Some reports claim that the bug exists but it would only crash IE, not allow access to protected data. Microsoft is expected to release a patch by February 9th at the latest.

This is a great example of why it is so critical to keep current on Windows updates, many of the updates Microsoft is releasing now are fixing serious security problems, not just for Internet Explorer but all of Microsoft’s products. I also highly recommend Firefox (download here) for those of you who have not tried it. It has an occasional security problem as well but overall appears to be more secure than Internet Explorer.

Additional Information:

Google Blog Post About Incident
Microsoft Security Response
Hacking Code Made Public
Hackers Wield Newest IE Exploit

Update: Yesterday (Thursday January 21st) Microsoft released an emergency patch for this bug. Please make sure you are current on Windows Updates.

Unpatched Adobe PDF bug results in large-scale attacks

Don Fosen — Thu, 07 Jan 2010 19:50:14 +0000

Adobe has acknowledged a bug in their Reader and Acrobat software that is being used to conduct large-scale attacks against users. The bug was acknowledged on December 14th but Adobe decided not to fix it until January 12th at the earliest. Please be very careful about opening PDF files from unknown sources until this is resolved. I highly recommend that you disable Javascript in Reader, click here for detailed instructions on how to do this. If you running Adobe Reader 9 you should get the update automatically when it is released, if you are not running version 9 you should install it. You can also consider alternative PDF Reader software, Foxit Reader has been well reviewed. Download it here.

Additional Information:
New Adobe Reader and Acrobat Vulnerability
Large-scale attacks exploit unpatched PDF bug
Adobe probes new in-the-wild PDF bug

Anti-virus Scammers Have Made $150M

Don Fosen — Mon, 14 Dec 2009 22:07:43 +0000

The FBI is saying that anti-virus scammers have made in excess of $150 million by duping Windows users into buying fake anti-virus software. The scam usually involves a pop-up window on your PC saying it is at risk and gives you a link to buy software which is really a virus. Frequently these programs are call Windows AntiSpyware 2009 or something similar. Even users without administrative permissions can install the virus as it uses unpatched security defects in Windows itself to install.

Additional Information:
FBI: Rogue antivirus scammers have made $150M
Remove Antispyware 2009

Wordpress Security Concerns

Don Fosen — Mon, 30 Nov 2009 19:56:19 +0000

Clear Belief Systems has a customer who has come to us because their WordPress blog had been hacked into and was being used to distribute viruses and compromise secure information. We managed to get the blog cleaned up but it is a lesson for all us running WordPress. WordPress is something that has to be supported and frequently monitored and updated. The compromised installation was only 1 version behind but in that version was an important security update.

If you currently have a WordPress based blog please be sure to keep up with the latest releases. There are also several security plug-ins that are worthwhile to install.

Check out the official WordPress security related plugins

As always, if you need support you can contact us through our Web site at ClearBelief.com

Phone System Hackers Leave Small Businesses With Big Bills

Don Fosen — Tue, 10 Nov 2009 18:13:18 +0000

Hackers are expanding their attacks to phone systems across the nation. They will dial in, often with automated programs, and attempt to access the administrative interface of the phone system. They will then give themselves the capability of dialing international numbers. Many VOIP (voice over Internet protocol) based phone systems are also vulnerable through their Internet connections.

How do you protect your phone system? Here are some things to do:

Make sure default passwords are changed
Put a good firewall solution in front of any VOIP solutions
Review phone bills carefully for any odd calling patterns
Have a qualified vendor conduct periodic security reviews

Additional Information:

Pirate attack leaves phone system plundered
New Technique Utilizing Private Branch Exchange (PBX) Systems To Conduct Vishing Attacks
A Techie Talks About Getting Hacked