'Stars' Hits Iran

It is in reports that a new computer worm codenamed 'Stars' have been identified as a malicious software and/or part of cyber attacks against Iran.

This could be another/second computer worm to target Iran in the past eight months, after Stuxnet.

Analysts are analysing the peiece of code, no futher details revealed to the rest of the world.

To read more, please follow:

http://www.f-secure.com/weblog/archives/00002146.html

http://www.mehrnews.com/en/newsdetail.aspx?NewsID=1297506

http://www.google.com/hostednews/afp/article/ALeqM5gYXeI4fx6g5vFQS-jkGIdzzf4x4Q?docId=CNG.52b1c572200691378e42eaf823edf1d3.4e1

Lets see, walk with present to see the future.

Propagating Malware via legitimate websites

Few years ago, In 2006 and earlier, “No one ever thought of spreading malware via legitimate websites.” Popular Infection Vectors (before 2006) are:

• Go to system and install a malicious piece of code (Rarely heard of it or very few cases),


• Supply malware in USB drives with autorun (pretty common and still effective, spreading malware enormously)


• Distribute malware as an email attachment (pretty common and still effective unfortunately)


• Convincing users to download legitimate looking software but actually MALWARE (providing direct link in email, chat or other mechanism)

Malware authors are shifting their focus from traditional desktop bases attack methodology to the new emerging dynamic and user interactive web applications for spreading malware.

Drive-by-download. Drive-by-download is working covertly, which make it difficult to suspect or detect. Since last 3-4 years, awareness in web administrators and security professionals regarding server side vulnerabilities has increased. Eventually, they are doing their job quite nicely, securing all six OSI layers except the last and most vulnerable layer- "Application layer".


Motive of malware authors:

• Access on the infected computer


• Steal user credentials, banking or other passwords


• Use as a launching pad for further attacks


• Install more sophisticated malwares/viruses


• Gain chain of access to corporate networks via VPN etc for which user or user's system is allowed for.

Web 2.0 functionalities are also being effectively used for controlling botnet.

Details may be find in presentations.
1. WCMP-Web2.0 Attacks.pdf
2. Tweet for DDoS.pdf

To know more, follow:
http://www.cert-in.org.in/s2cMainServlet?pageid=PRSTNVIEW03&reCode=CIWS-2011-1910

http://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2011-0066.0%20Attacks.pdf

http://www.cert-in.org.in/Downloader?pageid=5&type=2&fileName=CIPS-2011-0067.pdf

#@v3 #@f3 8r0w$!n9 . . .

nj0y !!!