Perimeter
11/8/2010
02:51 PM
Commentary
Commentary
Commentary
50%
50%

The Politics Of Malware

I recently saw a provocative tweet from @mikkohypponen that reminded me malware is still quite often politically motivated.

I recently saw a provocative tweet from @mikkohypponen that reminded me malware is still quite often politically motivated.

Just got a phone call. Had to remove an image from my last blog post: http://bit.ly/c1S94U Sorry if you missed it.

Of course, I just had to click through to see what was removed and why. Mikko's post deals with the evolution of a Firefox zero-day found on the Nobel Peace Prize website in late October. This time around, attackers are exploiting interest in the Peace Prize via an Adobe Reader/Acrobat exploit (CVE-2010-2883. The exploit is contained in a PDF attachment carried by the email, which masquerades as an invite to the Nobel Prize ceremony.

The removed image that Mikko referenced in his Twitter post was the red herring file displayed when a victim opened the PDF. Curiosity seekers can still see a copy of the decoy in this Contagio blog. Basically, it's a very convincing-looking invitation to "celebrate human rights and the universal message of Liu Xiaobo".

Mary Landesman is an antivirus professional and senior security researcher for ScanSafe, now part of Cisco. In 2009 she was awarded a Microsoft MVP for her work in consumer security.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-6628
Published: 2015-05-28
Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows remote administrators to execute arbitrary code via unspecified vectors.

CVE-2015-1389
Published: 2015-05-28
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.

CVE-2015-1392
Published: 2015-05-28
Multiple SQL injection vulnerabilities in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allow remote administrators to execute arbitrary SQL commands via unspecified vectors.

CVE-2015-1550
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote administrators to execute arbitrary files via unspecified vectors.

CVE-2015-1551
Published: 2015-05-28
Directory traversal vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.4 allows remote administrators to read arbitrary files via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?