Abusing JavaScript for Social Engineering Fun!

There is a really interesting blog post by @ossij called "Hacking the a tag in 100 characters".

I suspect the nefarious utility of this is going to be pretty extensive. We often tell our constituents in security awareness training to look at the address of a link (the hover preview in the status bar) before clicking on it. This technique certainly has the ability to undermine that guidance, particularly if this JavaScript works in HTML emails. And I expect that it will work in HTML emails. One more reason that viewing email in plain text is a good idea.

I can envision some new crafty targeted watering hole attacks with this method. Rather than including a noisy iframe that gets served to everyone, links on the page are redirected to a malicious site at click time, but only for the intended victim; the page looks and works normally for everyone else.
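To make the mechanism concrete, here is an added example (mine, not code from the linked post). It assumes the trick is an inline handler that rewrites the anchor's href on mousedown/click, after the hover preview has already shown the benign address. It models that with a small stand-in for an anchor element so it runs under Node without a DOM, then shows two checks a defender can run: a dynamic one (fire the pre-navigation events and see whether the destination changed) and a static one over raw HTML, which is what you would run against an HTML email before rendering it. The sample email HTML is constructed for this example.

```javascript
// Added example, not from the original post. Models the "switch the href at
// click time" trick and two defensive checks against it.

// Minimal stand-in for HTMLAnchorElement: an href plus event listeners.
class FakeAnchor {
  constructor(href) {
    this.href = href;
    this.listeners = {};
  }
  addEventListener(type, fn) {
    if (!this.listeners[type]) this.listeners[type] = [];
    this.listeners[type].push(fn);
  }
  dispatch(type) {
    for (const fn of this.listeners[type] || []) fn.call(this, { type });
  }
}

// Attacker side. `shownHref` is what the status bar shows on hover; `realHref`
// is where the victim actually goes. `isTarget` decides whether to swap at all,
// which is the "only for the intended victim" watering-hole variant.
function craftSwitchingLink(shownHref, realHref, isTarget) {
  const a = new FakeAnchor(shownHref);
  // mousedown fires before the browser reads href for navigation, so the
  // hover preview never shows the real destination.
  a.addEventListener('mousedown', function () {
    if (isTarget()) this.href = realHref;
  });
  return a;
}

// Defender side, dynamic: fire the events that precede navigation and compare
// the href before and after. Run this on a copy of the element, never on the
// live page, since the handlers themselves are untrusted.
function hrefAtNavigation(anchor) {
  const before = anchor.href;
  for (const ev of ['mousedown', 'mouseup', 'click']) anchor.dispatch(ev);
  return { before, after: anchor.href, swapped: before !== anchor.href };
}

// Defender side, static: scan raw HTML for anchors whose inline mousedown/
// mouseup/click handler mentions `href`. Regex-based and deliberately simple:
// it catches the one-liner from the post, not handlers attached from scripts.
const ANCHOR_TAG_RE = /<a\b[^>]*>/gi;
// The real href attribute is preceded by whitespace; `this.href` inside a
// handler is preceded by a dot, so this does not pick it up.
const SHOWN_HREF_RE = /(?:^|\s)href\s*=\s*(["'])((?:(?!\1)[\s\S])*)\1/i;
const INLINE_HANDLER_RE = /\bon(mousedown|mouseup|click)\s*=\s*(["'])((?:(?!\2)[\s\S])*)\2/gi;

function findHrefSwappingAnchors(html) {
  const hits = [];
  for (const tag of html.match(ANCHOR_TAG_RE) || []) {
    const shown = (tag.match(SHOWN_HREF_RE) || [])[2] || null;
    for (const m of tag.matchAll(INLINE_HANDLER_RE)) {
      if (/\bhref\b/.test(m[3])) hits.push({ shown, event: m[1], handler: m[3] });
    }
  }
  return hits;
}

// Constructed sample, not a real email: one benign link, one switching link,
// one link with a harmless inline handler.
const SAMPLE_EMAIL_HTML = `
<p>Your statement is ready.</p>
<a href="https://bank.example/login">bank.example/login</a>
<a href="https://bank.example/login" onmousedown="this.href='https://evil.example/phish'">bank.example/login</a>
<a href="https://bank.example/help" onclick="trackClick(this)">Help</a>
`;

// Demo: the victim sees bank.example on hover and lands on evil.example.
const victimLink = craftSwitchingLink(
  'https://bank.example/login', 'https://evil.example/phish', () => true);
console.log(hrefAtNavigation(victimLink));
console.log(findHrefSwappingAnchors(SAMPLE_EMAIL_HTML));
```

The static scan is the one that fits an email gateway or a plain-text preview tool: it needs no JavaScript execution and flags the link before anyone hovers over it. It will miss handlers registered from a script block or from an external file, which is why the dynamic check, run in a sandboxed DOM, is the more complete of the two.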

Stay safe,

Jerry

The Importance of Reinstalling After a Virus or Malware Infection

In episode 11, I made some comments about wiping a compromised system rather than trying to clean it. I saw in my Twitter feed a bit ago that the 2013 Shmoocon videos were posted. I looked through and one talk stuck out that I wanted to share here, given my comments: Wipe The Drive – Techniques for malware persistence.

Basically, the presenters show why it's such a bad idea to simply clean a computer after a virus infection. I like to think this is common knowledge, but I meet people daily who do not understand the reasons behind taking this draconian approach.

Defensive Security Podcast Episode 11

Subscribe in iTunes | Podcast RSS Feed | Twitter | Email

Krebs Swatted: http://krebsonsecurity.com/2013/03/the-world-has-no-room-for-cowards/

China: http://www.slate.com/articles/technology/future_tense/2013/03/the_u_s_response_to_chinese_cyberespionage_will_backfire.html

http://www.crn.com/news/security/240150929/new-exploit-evades-all-antivirus-products-for-almost-a-day.htm

http://www.net-security.org/malware_news.php?id=2441

http://m.threatpost.com/en_us/blogs/ramnit-malware-back-and-better-avoiding-detection-031513

http://www.honeynet.org/node/1031

http://arstechnica.com/security/2013/03/national-vulnerability-database-taken-down-by-vulnerability-exploiting-hack/

Mandiant report: http://www.mandiant.com/library/M-Trends_2013.pdf

Solutionary report: http://www.solutionary.com/dms/solutionary/Files/SERT/2013GTIR.pdf

Defensive Security Podcast Episode 10

Feedback/comments – info@defensivesecurity.org
@defensivesec

Interesting Writeup by ESET on sink holing the zortob.b botnet http://www.welivesecurity.com/2013/03/08/sinkholing-trojan-downloader-zortob-b-reveals-fast-growing-malware-threat/
– Common phishing emails were emanating from it at a rate of 80 million per hour

Defensive Security Podcast Episode 9

Episode 9 – From Las Vegas
Comments/questions/hate mail to info@defensivesecurity.org
Follow podcast on twitter @defensivesec

DDOS attack on Bank of the West masked a $900,000 theft from the account of Ascent Builders. http://krebsonsecurity.com/2013/02/ddos-attack-on-bank-hid-900000-cyberheist/

Bible.org- https://isc.sans.edu/diary/When+web+sites+go+bad%3A+bible+.+org+compromise/15250
Site compromised – serving malware, had rudimentary defense against automated analysis

Bit9 update: https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
– kudos to bit9 for transparency and disclosure – hopefully works in their favor


Defensive Security Podcast Episode 8

News:

Burger King & Jeep twitter accounts hacked

Microsoft and Apple hacked with same exploit that hit Facebook

NBC.com's site was hacked, injecting an iframe that directed visitors to a site serving an exploit kit, which installed the Citadel trojan.

Defensive Security Podcast Episode 7

  • Defensive Security episode 7 (MP3)
  • Please rate the podcast on iTunes!
  • Follow me on twitter @defensivesec
  • Send comments to info@defensivesecurity.org

News:


Defensive Security Podcast Episode 6

Suggestions to podcast@defensivesecurity.org

News:

  • ISD Podcast shuts down
  • Noticeable uptick in phishing attacks recently, leading to various exploit kit web sites
  • Yet another Java update.  Oracle seems to have gotten the message.
  • Combofix, a free tool for removing certain kinds of malware, was infected with the Sality file infector
    • Do not download repackaged software from other file hosting sites.  Bad!
  • Cisco released its 2013 security report.
    • Legitimate sites are far more likely to serve malware than traditional pornography sites
    • Ad networks and content delivery networks are the worst offenders
  • Anonymous stole information on 4,600 bank executives from a Federal Reserve emergency communication application.

Defensive Security Podcast Episode 5

Download the MP3 here

Suggestions? ideas? feedback? Send an email to podcast@defensivesecurity.org

A lot has happened since the last Podcast:

Protect Yourself From The Latest Java Zero Day

Brian Krebs is reporting that a new zero day vulnerability in Java and a matching exploit are making the rounds, with no patch or fix in sight.

My recommendation is to consider disabling the Java browser plugin, or running NoScript with a policy that only allows Java applets originating from intranet sites.

Be careful out there!