HackrNews

Latest updates of hacking

Archive for March 2007

Attack on root server and internet traffic

with one comment

The attack, which began Tuesday at about 5:30 a.m. Eastern time, was the most significant attack against the root servers since an October 2002 distributed denial of service (DDOS) attack, said Ben Petro, senior vice president of services with Internet service provider Neustar. Root servers manage the Internet’s Domain Name System (DNS), used to translate Web addresses such as Amazon.com into the numerical IP addresses used by machines.

“Two of the root servers suffered badly, although they did not completely crash; some of the others also saw heavy traffic,” said John Crain, chief technical officer with the Internet Corporation for Assigned Names and Numbers (ICANN), in an e-mail interview.

The two hardest-hit servers are maintained by the U.S. Department of Defense and ICANN, he added.

The botnet briefly overwhelmed these servers with useless requests, causing them to occasionally hang, but did not disrupt Internet service, Petro said. By 10:30 a.m., Internet service providers were able to filter enough of the traffic from the botnet machines that traffic to and from the root servers was essentially back to normal.

The attack wasn’t that strong, and they managed to filter it out; it was measured in MB rather than the GB frequently seen in modern DDoS attacks.

This is a heavy attack and the most significant in the past 5 years or so.

The biggest attack ever on the root servers was on 21st Oct 2002; a full report of that is available here.

Written by Creator

March 27, 2007 at 2:50 PM

Posted in DDoS, Dos, News

Windows Mail bug may expose Vista users

without comments

A possible security vulnerability in Windows Mail could let attackers run applications on PCs running Vista.

An attacker could send an e-mail with a malicious link that, when clicked on, would execute a program on the PC without warning, according to a description of the problem published Friday on a widely read security mailing list called Full Disclosure. Windows Mail is the successor to Outlook Express, Microsoft’s free e-mail client, and ships with Vista.

Microsoft is investigating the issue, a company representative said in an e-mailed statement. “As a best practice, users should always exercise extreme caution when clicking on links in unsolicited e-mail from both known and unknown sources,” the representative said.

Depending on what the malicious link tells Windows Mail to do, the threat to Vista users could be significant, said Dave Marcus, security research and communications manager at software maker McAfee. “Theoretically, attackers can do a lot of things; they will be able to pass any command through it,” Marcus said.

However, the risk is mitigated because Vista is not widely used, Marcus said. “I don’t think they will see a lot of exploitation simply because there is so little Vista deployed,” he said. “I think Microsoft would take this seriously and wrap this up in their next patch.”

Vista has been available to consumers since late January. Since then, Microsoft has issued one security update for the operating system to repair a “critical” vulnerability in the scanning engine for Windows Defender, the built-in antispyware tool.

Microsoft is not aware of any attacks that actually attempted to use the newly reported Windows Mail vulnerability, it said. Upon completion of its investigation, the company could issue a security update or provide guidance in another way, the representative said.

Source: ZDNet News

Written by Creator

March 24, 2007 at 12:48 PM

Posted in Microsoft, Vista, Windows

U.S Tops in cyber crimes also..!

without comments

AP

Most computer attacks originate in U.S.

By JORDAN ROBERTSON, AP Technology Writer

SAN JOSE, Calif. – The United States generates more malicious computer activity than any other country, and sophisticated hackers worldwide are banding together in highly efficient crime rings, according to a new report.

Researchers at Cupertino-based Symantec Corp. also found that fierce competition in the criminal underworld is driving down prices for stolen financial information.

Criminals may purchase verified credit card numbers for as little as $1, and they can buy a complete identity — a date of birth and U.S. bank account, credit card and government-issued identification numbers — for $14, according to Symantec’s twice-yearly Internet Security Threat Report released Monday.

Researchers at the security software company found that about a third of all computer attacks worldwide in the second half of 2006 originated from machines in the United States. That makes the United States the most fertile breeding ground for threats such as spam, phishing and malicious code — easily surpassing runners-up China, which generates 10 percent of attacks, and Germany, which generates 7 percent.

The United States also leads in “bot network activity.” Bots are compromised computers controlled remotely and operating in concert to pump out spam or perform other nefarious acts.

The legitimate owner of the computer typically doesn’t know the machine has been taken over — and the phenomenon is largely responsible for the palpable increase in junk e-mail in the past half year.

Spam made up 59 percent of all e-mail traffic Symantec monitored. That’s up 5 percentage points from the previous period. Much of the spam was related to stock picks and other financial scams.

The United States is also home to more than half of the world’s “underground economy servers” — typically corporate computers that have been commandeered to facilitate clandestine transactions involving stolen data and may be compromised for as little as two hours or as long as two weeks, according to the report.

The study marks the first time Symantec researchers have studied the national origins of computer attacks. The report focused on attacks during the last half of 2006 on more than 120 million computers running Symantec antivirus software. The company operates more than 2 million decoy e-mail accounts designed to attract messages from around the world to identify spam and phishing activity.

Alfred Huger, vice president of Symantec Security Response, said online criminals appear to be adopting more sophisticated means of “self-policing.” They’re launching denial-of-service attacks on rivals’ servers and posting pictures online of competitors’ faces.

“It’s ruthless, highly organized and highly evolved,” Huger said.

One of the most startling findings: The worldwide number of bot-infected computers rose — an increase of about 29 percent from the previous six months, to more than 6 million computers total — while the number of servers controlling them plunged. The number of such “command-and-control” servers declined by about 25 percent to around 4,700.

Symantec researchers said the decrease signifies that bot network owners are consolidating to expand their networks, creating a more centralized, efficient structure for launching attacks.

Twenty-six percent of the world’s bot-infected computers were in China, a higher percentage than any other country.

According to Symantec, Microsoft Corp.’s Internet Explorer was the most-targeted Web browser, attracting 77 percent of all browser attacks.

Symantec said it expects to see more threats begin to emerge against Microsoft’s Vista operating system. It also expects multiplayer online games to be targeted by phishers, who fool users into divulging passwords or other personal information by creating fake Web sites that look like the real thing.

Written by Creator

March 20, 2007 at 4:34 AM

Posted in News

Spywares for cell phones

with one comment

I just read CNET reporter Joris Evers’ article about new spy software that hides on cell phones. I think it’s outrageous, but I guess it shouldn’t be too surprising since there’s already spyware for your automobile. This spyware for cell phones is called FlexiSpy. FlexiSpy went on the market March 1 and is advertised as a tool to track kids and errant spouses. This software captures call logs, text messages, mobile Internet connections, and new features are being developed. The captured data is sent to vendor Vervata’s servers and can be accessed on a website.
Oh, this is so ripe for abuse! FlexiSpy sounds like the equivalent of a key logger on a computer. Anti-domestic violence groups are outraged, and rightfully so. Security company F-Secure has labeled the application as a Spy Trojan, Flexispy.A, and has added detection for it to their mobile anti-virus. F-Secure says FlexiSpy is hidden from the Symbian process menu and is invisible to the phone user. The hidden interface can be accessed with a code known only by the person who installed FlexiSpy. Just like a key logger.
The F-Secure blog and threat description have screenshots of the user interface. FlexiSpy records server time, direction, duration, phone number and contact name. It also records contents of SMS messages. Right now FlexiSpy is available only for cell phones using the Symbian operating system, but plans are in place to release versions for BlackBerrys and phones running Windows Mobile Pocket PC. A Pro version is in the works, too. The Pro version will allow the user to actually listen to conversations on the phone, log email messages and multimedia messages.
The company selling FlexiSpy, Vervata, based in Bangkok, Thailand, defends the application since it has to be knowingly installed by a human, does not self replicate or pretend to be something it’s not, and can be uninstalled. That’s nice. This software has a huge potential for abuse because it can be used to monitor someone without their knowledge and consent.
One has to ask, is it ever morally and ethically acceptable to monitor someone’s communications without their knowledge and consent, whether with a key logger on their computer or with a spy program on their cell phone?
There are some interesting points in the Talkbacks on Evers’ article. Here the poster points out another concern: the potential for abuse of the information stored on the website. She mentions the security of the site — what if hackers got the information? I’d want to see the site’s privacy policy and know what security measures they have in place.
I’d like to know what readers think about the question — is it ever acceptable to electronically monitor someone without their knowledge and consent? A Florida court said NO. The court ruled a wife broke the state law against wiretapping by installing surveillance software Spector on her husband’s computer and recording his online activities. The wiretapping law says anyone who “intentionally intercepts” any “electronic communication” commits a criminal act. It seems to me that the use of FlexiSpy breaks that law, too.

Written by Creator

March 17, 2007 at 10:57 AM

Posted in Spywares

Hacking home routers using JavaScript

with one comment

If you haven’t changed the default password on your home router, let this recent threat serve as a reminder.
Attackers could change the configuration of home routers using JavaScript code, security researchers at Indiana University and Symantec have discovered. The researchers first published their work in December, but Symantec publicized the findings on Thursday.
The researchers found that it is possible to change the DNS, or Domain Name System, settings of a router if the owner uses a connected PC to view a Web page with the JavaScript code. This DNS change lets the attacker divert all the Net traffic going through the router. For example, if the victim types in “www.mybank.com,” the request could be sent to a similar-looking fake page created to steal sensitive data.
“I have been able to get this to work on Linksys, D-Link and Netgear routers,” Symantec researcher Zulfikar Ramzan said. “You can create one Web site that is able to attack all routers. My feeling is that it is just a matter of time before phishers start using this.”
After a router’s DNS setting is changed, all computers connected to the device will use the DNS server set up by the attacker to find their way on the Internet. DNS functions like the phonebook of the Internet, mapping text-based addresses such as www.news.com to actual numeric Internet Protocol addresses of a Web site.
The attack works on any type of home router, but only if the default router password hasn’t been changed, Ramzan said. The malicious JavaScript code embedded on the attacker’s Web page logs into the router using the default credentials–often as simple as “admin” and “password”–and changes the settings.
“One of the issues is that the set-up steps in the router don’t prompt you to change the password,” Ramzan said. As a result, many people never properly configure their networking gear, he said.
In crafting their proof-of-concept attack code, Ramzan and researchers at Indiana University built upon earlier research that showed how JavaScript could be used for malicious purposes. Jeremiah Grossman, chief technology officer at WhiteHat Security, demonstrated how JavaScript let outside attackers target internal corporate networks.
Grossman is impressed by the Symantec and Indiana University work. “This is very dangerous stuff and could be highly effective if used in the wild,” he said.
Router makers already know of the problems with default passwords as well as other security concerns, they said. Linksys, for example, recommends that customers change the default password during the installation procedure, said Karen Sohl, a representative for the company, a division of Cisco Systems. “We are aware of this,” she said.
On its Web site, Linksys warns users that miscreants are taking advantage of the default passwords. “Hackers know these defaults and will try them to access your wireless device and change your network settings. To thwart any unauthorized changes, customize the device’s password so it will be hard to guess,” the company states.
Still, although Linksys’ software recommends the password change, consumers can either plug in their router without running the installation disk or bypass the change screen, keeping the defaults. The company offers detailed information on how to change the router password on its Web site. Netgear and D-Link also recommend password change
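
A defender-side check for the DNS change described in this post, added here as an example and not part of the original article or the researchers' code: it compares the router's configured resolvers with a recorded baseline, and answers obtained through the router with answers from a known-good resolver. All addresses, the baseline, the sample answers and the function names are constructed for illustration.

```javascript
// Added example: flag signs that a home router's DNS setting was changed.
// Works on answers the operator has already collected; no network access here.

// Constructed sample data (documentation address ranges, not real servers).
const BASELINE_RESOLVERS = ["198.51.100.53", "198.51.100.54"]; // recorded at setup
const SAMPLE_ROUTER_DNS = ["203.0.113.66", "198.51.100.54"];   // router reports now
const SAMPLE_ANSWERS = {
  // domain: local = answers via the router, trusted = via a known-good resolver
  "www.mybank.com":      { local: ["203.0.113.80"], trusted: ["192.0.2.10", "192.0.2.11"] },
  "www.news.com":        { local: ["192.0.2.20"],   trusted: ["192.0.2.20"] },
  "webmail.example.com": { local: ["203.0.113.80"], trusted: ["192.0.2.30"] },
};

// Resolvers configured on the router that are not in the recorded baseline.
function unexpectedResolvers(current, baseline) {
  const known = new Set(baseline);
  return current.filter((ip) => !known.has(ip));
}

// Domains whose local answers share no address with the trusted answers.
function divergentDomains(answers) {
  return Object.keys(answers).filter((domain) => {
    const trusted = new Set(answers[domain].trusted);
    return !answers[domain].local.some((ip) => trusted.has(ip));
  });
}

// Divergence alone can be CDN or geo load balancing. Unrelated domains that
// all diverge to the same address are a much stronger redirection signal.
function sharedDivergentTargets(answers) {
  const byIp = new Map();
  for (const domain of divergentDomains(answers)) {
    for (const ip of answers[domain].local) {
      byIp.set(ip, [...(byIp.get(ip) || []), domain]);
    }
  }
  return [...byIp].filter(([, domains]) => domains.length > 1)
    .map(([ip, domains]) => ({ ip, domains }));
}

function assessRouterDns(currentResolvers, baseline, answers) {
  const rogue = unexpectedResolvers(currentResolvers, baseline);
  const shared = sharedDivergentTargets(answers);
  const verdict = rogue.length && shared.length ? "likely-hijacked"
    : rogue.length || shared.length ? "investigate" : "ok";
  return { verdict, rogue, divergent: divergentDomains(answers), shared };
}

console.log(JSON.stringify(
  assessRouterDns(SAMPLE_ROUTER_DNS, BASELINE_RESOLVERS, SAMPLE_ANSWERS), null, 2));
```

A single divergent domain with unchanged resolvers is reported in `divergent` but does not raise the verdict, since load-balanced sites legitimately return different addresses to different resolvers.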

Written by Creator

March 16, 2007 at 11:55 AM