Infosec Weekly Radar, January 2 – 8, 2012

Phew, what a week! We usually summarize the week's information security news in four or five articles, but this week we have more to share. The first item concerns security software company Symantec.
Hacker group threatens to release Symantec AV source code
Old Symantec anti-virus source code was stolen by an Indian group of hackers. This incident is very serious for a security company, as it may affect customers' trust in the product: if attackers have the source code of an application, it helps them find new zero-days in the product without alerting the vendor.
So for malware authors this can be good news, but if the product is at end of sale, I hope that most users apply best practices and upgrade their applications to the latest versions.
100 Million user names and passwords leaked out from China
This article covers a big breach of Chinese websites: a massive leak of online user information from China’s most popular online shopping, microblogging, social networking and gaming websites.
According to the article: “CSDN.net has issued a public apology, urging its users to immediately change their passwords. Sina Weibo said the rumored 4.76 million list of Sina Weibo accounts was not from the company’s files, as Sina encrypts all its passwords.”
http://english.caixin.com/2011-12-29/100344138.html
Bootkit Threat Evolution in 2011
ESET published an interesting analysis of the evolution of bootkits in 2011, comparing the stealthiest malware families such as the TDL4, ZeuS and ZeroAccess rootkits.
“The year 2011 could be referred to as a year of growth in complex threats. Over the course of this year we witnessed an increase in the number of threats targeting the Microsoft Windows 64-bit platform, and bootkits in particular”
http://blog.eset.com/2012/01/03/bootkit-threat-evolution-in-2011-2
Bloggers Bypass Russian Military Rocket Factory Security, Post Pictures Online
Another article, about a physical security breach in which bloggers managed to take pictures of a very sensitive Russian military rocket-motor factory.
“Lana Sator, a blogger, entered state rocket-maker Energomash’s plant with a group of friends on five separate occasions without being caught once. She managed to take nearly 100 pictures of the plant’s control room, its roof, and hardware in an engine-fuel testing tower.”
http://www.dailytech.com/Bloggers+Bypass+Russian+Military+Rocket+Factory+Security+Post+Pictures+Online/article23644.htm
30 Pakistan government sites go down!
“Indian hacking group Indishell is claiming to have hacked and brought down 30 Pakistan government websites, including police and navy sites. The hackers attacked a web server located at IP address 50.23.225.39.”
http://thehackernews.com/2012/01/30-pakistan-government-sites-goes-down.html
Ramnit Goes Social
Ramnit is financial malware that is now targeting social networks; this week it was reported to have stolen about 45K Facebook accounts.
“Discovered in April 2010, the Microsoft Malware Protection Center (MMPC) described Ramnit as “a multi-component malware family which infects Windows executable as well as HTML files”, “stealing sensitive information such as stored FTP credentials and browser cookies”. In July 2011 a Symantec report [PDF] estimated that Ramnit worm variants accounted for 17.3 percent of all new malicious software infections.”
http://blog.seculert.com/2012/01/ramnit-goes-social.html
Enter_at_your_own_Risk Cyber Awareness Magazine, January edition
Last up is the new release of The Hacker News magazine, Enter_at_your_own_Risk Cyber Awareness, January edition, where you can find several valuable contributions from a number of popular information security bloggers.
http://news.thehackernews.com/THN-Jan2012.pdf