Security Watch

Didn't We See Conficker Before?

Plus, eBay bites its users; Safari's hacker gets brazen.

• By Jabulani Leffall
• 03/10/2009

The Conficker worm continues to be a thorn in the side of Redmond security experts. And the annoyance with the bug was palpable last week when Roger Halbheer, chief security adviser for Microsoft's Europe, Middle East and Africa, implied that the whole IT community was complicit in the spread of the worm since its discovery in October. Well it isn't over yet.

Despite the fact that Microsoft is currently collaborating with other industry organizations, such as AOL, Verisign and Symantec, to form a group to stop the self-replicating worm, a new version of Conficker has been spotted. Some security gadflies believe this to be the first wave of automated instructions being dispersed via previously infected machines. The lastest variant has been dubbed "Conficker.C" -- Conficker A and B are already in the wild -- and is said to be replicating itself based on the number of domain locations it uses to communicate with its authors.

There is surely some organic intelligence afoot here as the new strain could perhaps be the result of Microsoft's well-publicized alliance with URL disseminating organizations and third-party security firms. Redmond even went so far as to offer a $250,000 award for any information leading to the capture of the person or persons responsible for the worm. Perhaps the bug's author are seeking to up that ante.

eBay Attackers Harass IE, Firefox Users
Hackers are now using online auction site eBay to unpatch holes in both Internet Explorer and Mozilla's Firefox browser. Reports say that hackers are using the browsers to inject false pages with bad code that trick people into clicking to bid on false listings. Like any other cross-site scripting attack, once a user clicks on the page, a hacker could take control of their workstation. The attacks managed to inject eBay pages with hostile code by exploiting issues long known to afflict Firefox and IE. While eBay has managed to block the exploit from working on its domains, other Web sites that accept user-generated content may still be vulnerable to the attacks, security experts warn.

Open source volunteers have said on Firefox message comments that they are working on a patch for the applicable vulnerabilities, while Microsoft has instructed users to install the latest cumulative IE patches.

Like most attacks on trusted Web Sites, users are advised to use common sense. Thus to avoid falling victim to pages with erroneous Javascript elements on third-party servers, bid on what you're bidding on, buy what you're buying and stay vigilant and focused.

Safari's Repeat Offender
A former NSA operative, computer whiz and apparently part-time hacker mercenary, Charlie Miller has spent the last couple of years as the bane of Apple existence. This has been especially true as Miller has playfully demonstrated the vulnerability of the company's Safari browser. Last year, in front of thousands of fellow hackers at a confab in Canada, he hacked into a MacBook Air workstation via the browser in a reported two minutes. He won $10,000 for this fete, which annoyed Apple to its, ahem, core.

This week, he said he'll do it again soon, proclaiming his plans to trip the switch for Safari 4 Beta version in the third annual Pwn2Own contest coming up in Vancouver March 16-20. (The term "pwn" is, of course, message board shorthand for engaging in competition and then completely "owning" that person, place or thing in said contest; that it's spelled with a p is another story for another day.) Also targeted will be IE8, Google Chrome, Firefox on PC's and Macs. Mobile hardware in the crosshairs will be iPhones, Windows Mobile phones, Google Android devices and BlackBerrys.

Perhaps due to the recession, the prize is only $5,000, which hackers will still covet. For his part, Miller has said he'll concentrate only on Safari because it's an easy target and going after other targets isn't worth it with the smaller winnings.

Redmond's Latest Security Portal
To further illustrate its ongoing commitment to security, Microsoft has launched yet another beta version of a Web portal for IT security enthusiasts. The software giant's goals are two-fold: to provide a comprehensive list of all of its products that help fight off malware, viruses and the like; and to provide analyses definitions and profiles of bugs such as the aforementioned Conficker, a strain of which is described here.

Redmond boasts that it with this release, it is rolling out "improved content" with detailed instructions on fighting bugs and expanded glossaries of common terms, along with the alert and severity level of bugs that happen to catch the company's eye. There is also an interactive component, which allows users to submit news and activities pertaining to security threats. The launch of what amounts to a diagnosis center for IT threats gives credence to the proposition that Microsoft believes that knowing is half the battle when it comes to security.