Symantec Talks Loudly On Speech Flaw
Plus: Spaniard nabbed for hacking cell phones; NASA hacker in court.
A Symantec honeypot was compromised by a site which was employing an attack using the MS07-033 vulnerability patched by Microsoft. The vulnerability, discovered back in June (says this article at Heise-Security.com), exists in two Microsoft Speech COM components.
Symantec made a fairly big deal of this, because it's the first attack based on that vulnerability, the company said. We've seen that for more than a year now -- bot herders are typically very quick to incorporate new attacks into their Trojans or the sites that install them. So it's unclear why Symantec thinks this issue is any more important than others.
What we know is that the rogue site was already offering up other malware -- based on earlier vulnerabilities -- until it was updated recently with a modification of the publicly available Proof of Concept exploit. So anyone who has visited the site previously and wasn't current with their patching would have been infected via the older exploits.
Perhaps the issue is the fact that the exploit was made available a mere two weeks after the patch was published -- still, even this isn’t new. Regardless, we still continue to believe that patching timelines are largely irrelevant for most users in most corporations. Those who travel to the darker corners of the Internet have already demonstrated this failing by becoming infected.
Cell Hacker Nabbed in Spain
This June 25th article in Agence France-Presse reports on an unidentified 28-year-old Spaniard, arrested and charged with creating and distributing the Cabir and Commwarrior Symbian Trojans and some 20 variants. The arrest is said to be the culmination of a seven-month investigation.
And another one bites the dust! It's important to know that these investigations take a considerable amount of time and effort. Until we find a way to make this process faster, criminals will continue to have a distinct advantage over law enforcement.
This column was originally published in our weekly Security Watch newsletter.
NASA Hacker Appears in Court
An article in Enterprise Security Today from June reports on Romanian Victor Faur, who appeared in court charged with illegally hacking into servers belonging to NASA, the U.S. Navy, the U.S. Department of Energy, JPL and the Goddard Space Flight Center. It's alleged that the 22-year-old altered data, installed IRC communications and downloaded applications found on those servers.
For his part, Faur said, "Everything was a game, I did not want to hurt anyone."
Wonder if the “I’m too stupid to realize I was doing anything that might be harmful” defense works this time. Certainly, courts aren’t accepting it like they used to, and the cute, cuddly, hacker kid image has largely been dismissed. Faur was an IT graduate and 20 at the time he allegedly mounted those attacks.
Russ Cooper is a senior information security analyst with Verizon Business, Inc. He's also founder and editor of NTBugtraq, www.ntbugtraq.com, one of the industry's most influential mailing lists dedicated to Microsoft security. One of the world's most-recognized security experts, he's often quoted by major media outlets on security issues.