Security Week In Review, April 16-20

By Stefanie Hoffman | April 23, 2012

Among other things, Anonymous was up to its usual shenanigans, a newly emerged Android attack tainted a brand-new photo app, and Apple malware continued to baffle inexperienced Mac users naive to the ways of security threats. Here's a look at the security landscape for April 16-20.

Surprise! Another Mac Threat: Last week, yet another Mac Trojan appeared on the security threatscape, wreaking havoc on Mac OS X users who had once been comparatively sheltered from such attacks.

Specifically, the new Mac Trojan, dubbed Backdoor OSX SabPub.a, exploits a Java vulnerability known as Exploitl.Java, renowned for circumventing antimalware scanners, among other things.

Altogether, SabPub, which emerged a little more than a month ago, creates a custom backdoor on the OS X platform and is used specifically in targeted Mac attacks. Once activated, the Trojan connects to a remote Website linked to its command and control center to await further instructions from its creators. After it takes hold, the threat captures screenshots of the user's current session and then executes malicious commands on the compromised machine.

Exact infection mechanisms for Backdoor SabPub are thus far unclear, but one theory suggests that the attack was launched via socially engineered phishing e-mails containing URLs that redirected users to malicious Websites hosted in both the US and Germany.

Oracle Issues Whopper Patch: Last week, Oracle released a mighty Critical Patch Update (CPU) entailing 88 fixes for glaring security flaws, several of which enabled hackers to gain remote access while bypassing authentication mechanisms.

Altogether, Oracle’s patch plugged six security holes in Oracle Enterprise Manager, four of which enabled remote attacks, while addressing numerous other flaws in Oracle Database Server, Oracle Fusion Middleware, Oracle Sun products, MySQL, Oracle Enterprise Manager Grid Control, Oracle e-Business Suite, Oracle Supply Chain, Oracle PeopleSoft, Oracle Industry Applications, Oracle Financial Services and Oracle Primavera Products.

“Due to the threat posed by a successful attack, Oracle strongly recommends that customers apply CPU fixes as soon as possible,” Oracle said in its advisory.

Oracle had issued a security alert during its last quarterly patch cycle, on January 31st, addressing a critical denial of service vulnerability in multiple Oracle products caused by hashing collisions. Altogether, the flaw, which affected Oracle WebLogic Server, Oracle Application Server and Oracle iPlanet Web Server, enabled hackers to launch remote attacks over a network without the need for authentication credentials such as a username and password.

Anonymous Launches Attack On Formula One Grand Prix: Anonymous was up to its usual hacking antics last week when members took down the Formula One Website with a Distributed Denial of Service attack amid protests against the controversial Grand Prix held in Bahrain.

In a statement, the global hacker collective said the attack was motivated by the need to bring awareness to the untold human rights abuses committed by Bahrain's King Hamad bin Al Khalifa, and maintained that the organizers’ decision to go ahead with the F1 Grand Prix ultimately supports a nation where citizens are routinely oppressed, tortured and killed. Anonymous continued that the country’s regime also stands to reap sizable profits from the race and has threatened to use live ammunition against citizens if the protests continue.

Over the years, Anonymous has made a name for itself with its near-ubiquitous presence around world political issues—so much so that the group recently made Time magazine’s list of the 100 most influential people in the world. But while the notorious hacker collective won the popular vote from the magazine’s Web community with 395,793 votes, Time ultimately placed the group 36th overall on the list.

Android Instagram Malware Invades Photo Ops: Mobile malware writers put another notch on their belt last week by circulating an attack exploiting Instagram that tricked users into purchasing a bogus copy of the popular photo app, which then sent SMS messages from the victim’s Android mobile device to premium numbers in the background.

Essentially, the malware—which appears to originate in Russia—tricks users into installing the attack from the Android marketplace by impersonating Instagram with a phony homepage interface. However, instead of downloading the popular photo sharing app, unsuspecting victims are really installing a malicious APK that allows attackers to send SMS messages from the victim’s device.

Over the last year, Android malware has skyrocketed as cybercriminals have flocked to Google’s open and loosely filtered platform. Meanwhile, the photo sharing app has become a prime target for hackers since the small developer was purchased by Facebook earlier this month for a hefty $1 billion. Since Instagram’s debut on the Android platform, the app has received five million downloads, making it a sitting duck for cyber attacks.
