Archive for May, 2009

Pirated Windows 7 RC builds botnet

A Trojan horse embedded in a pirated version of the latest Windows OS has already created tens of thousands of bots, according to security researchers

A pirated version of Windows 7 Release Candidate (RC) infected with a Trojan horse has created a botnet with tens of thousands of bots under its control, according to researchers at security firm Damballa.

The software, which first appeared on 24 April, spread as quickly as several hundred new bots per hour, and controlled roughly 27,000 bots by the time Damballa took over the network’s command and control server on 10 May, the firm said on Tuesday.

The pirated software was spread via popular piracy sites and online forums, Damballa said.

The software is primarily designed to download and install other malicious packages under a ‘pay-per-install’ scheme, under which the botmasters are paid based on the number of other pieces of malware they cause to be installed, Damballa said.

Infected installations are continuing to appear at a rapid rate, according to the company.

“We continue to see new installs happening at a rate of about 1,600 per day with broad geographic distribution,” said Tripp Cox, Damballa’s vice president of engineering, in a statement. “Since our takedown (of the command and control server), any new installs of this pirated distribution of Windows 7 RC are inaccessible by the botmaster.”

However, the botmaster still controls the existing installations, Damballa said. The infected systems are mainly concentrated in the US, with 10 percent, and the Netherlands and Italy, with 7 percent each.

Windows 7 RC has been used as a lure by other malware distributors since its launch on 5 May, according to security experts. On Monday, Trend Micro said it found the Trojan horse TROJ_DROPPER.SPX masquerading as a copy of the release candidate.

Botnets are one of the most serious threats on the internet, according to security experts, and are typically used to carry out denial-of-service attacks or phishing schemes or to send junk mail. Last month, SecureWorks researcher Joe Stewart suggested that technology was not enough to stop botnets, arguing the IT industry should look to new law-enforcement measures.

The legitimate version of Windows 7 RC is available from Microsoft’s website.


Report: US air-traffic control systems hacked

Breaches exposed sensitive FAA employee data, forced the shutdown of part of a network, and could have allowed hackers to disrupt the agency’s mission-support network, a US government report says

Hackers have broken into the air-traffic control mission-support systems of the US Federal Aviation Administration several times in recent years, according to an Inspector General report sent to the FAA this week.

In February, hackers compromised an FAA public-facing computer and used it to gain access to personally identifiable information, such as Social Security numbers, on 48,000 current and former FAA employees, the report said.

Last year, hackers took control of FAA critical network servers and could have shut them down, which would have seriously disrupted the agency’s mission-support network, the report said. Hackers took over FAA computers in Alaska, becoming “insiders”, according to the report, dated Monday.

Then, taking advantage of interconnected networks, hackers later stole an administrator’s password in Oklahoma, installed “malicious codes” with the stolen password and compromised the FAA domain controller in the Western Pacific Region, giving them access to more than 40,000 FAA user IDs, passwords and other data used to control a portion of the mission-support network, the report said.

And in 2006, a virus spread to the air-traffic control (ATC) systems, forcing the FAA to shut down a portion of its systems in Alaska, according to the report.

The attacks so far have primarily disrupted mission-support functions, but attacks could spread over network connections from those areas to the operational networks where real-time surveillance, communications and flight information are processed, the report warned.

“In our opinion, unless effective action is taken quickly, it is likely to be a matter of when, not if, ATC systems encounter attacks that do serious harm to ATC operations,” the report concluded.

The breaches were possible because web applications that support the air-traffic control system operations are not properly secured to prevent unauthorised access and network intrusion-detection software is not adequately being used to monitor and detect cyberattacks, the report concluded.

The FAA’s increasing use of commercial software and Internet Protocol-based technologies as part of an effort to modernise the air-traffic control systems poses a higher security risk to the systems than when they relied primarily on proprietary software, the report said.

“Now, attackers can take advantage of software vulnerabilities in commercial IP products to exploit ATC systems, which is especially worrisome at a time when the nation is facing increased threats from sophisticated nation-state-sponsored cyberattacks,” the report said.

In general, the nation’s critical infrastructure is increasingly at risk as previously isolated and closed systems are moved to the internet and commercial software, such as Windows, is used, security experts have said.

The air-traffic control system auditors said they discovered more than 760 high-risk vulnerabilities in the web applications tested, including holes that provided “front-door access” to the systems and could allow attackers to inject malicious code onto FAA user computers. Web applications were not adequately configured and the applications with known vulnerabilities were not patched in a timely manner, auditors found.

Meanwhile, intrusion-detection systems (IDS) are deployed at only 11 of hundreds of air-traffic control facilities and none of the IDS sensors is installed to monitor operational systems at those sites, the report said. Cyber-incidents are not effectively monitored or fixed quickly, the report concluded.

In 2008, more than 870 cyber-incident alerts were issued to the organisation responsible for air-traffic control operations and, by the end of the year, 17 percent (more than 150 incidents) had not been remediated, “including critical incidents in which hackers may have taken over control [of operations computers]”, the report said.

The FAA is “identifying and fixing weaknesses”, FAA spokeswoman Laura Brown told The Wall Street Journal. “We are working on developing security architecture for that whole system.”

However, Brown dismissed the notion that hackers could get access to critical air-traffic control operational systems.

The audit of the air-traffic control systems was requested by the ranking minority members of the House Committee on Transportation and Infrastructure and its Aviation Subcommittee.


Windows 7 RC makes early public debut

The software, expected to be released broadly on Tuesday, arrived just ahead of that time on Microsoft’s website

The release candidate of Windows 7 has made its public debut early.

After arriving first on torrent sites and then showing up on Microsoft’s developer program websites from 30 April, the operating system arrived on the main Microsoft.com website late on Monday night. The software was slated to be made publicly available on Tuesday.

The release candidate version, officially build 7100, is expected to be the last major public test of the product before it is finalised.

Officially, the company will only confirm that it plans to release Windows 7 before Windows Vista hits its third anniversary of broad availability in January. However, the software maker is widely seen as aiming to finish it soon enough for it to be on PCs that ship during this year’s Christmas shopping season.

A Microsoft representative was not immediately available for comment.


Report: US investigates Apple, Google board ties

The US Federal Trade Commission is examining whether the fact the companies have two members of their boards of directors in common amounts to a violation of antitrust law

The US Federal Trade Commission has decided to investigate the relationship between Google and Apple, according to a report.

According to a New York Times report on Monday, Google and Apple have been informed that the FTC would like to investigate whether the fact the companies have two members of their boards of directors in common amounts to a violation of antitrust law. The board members in question are Google chief executive Eric Schmidt and former Genentech chief executive Art Levinson. The New York Times attributed the news to anonymous sources. All three parties — the FTC, Apple and Google — declined to comment on the matter for the report.

Schmidt’s involvement on Apple’s board has long raised eyebrows, especially after Google revealed plans to release its own mobile operating system in Android. Schmidt has said he recuses himself from Apple board meetings where the iPhone is discussed, but under Section 8 of the Clayton Antitrust Act, companies are not supposed to have the same board members if “it would reduce competition between them”, the Times reported.

Given that Android is such a small part of Google’s business at this point in its history, the relationship between the two companies may not amount to a clear violation, according to legal experts interviewed by the Times. However, neither company is likely to be happy about government scrutiny, and Google is reportedly facing another investigation from the US Department of Justice over Google Book Search.


Adobe promises fixes for Reader and Acrobat

Critical vulnerabilities in Adobe Reader and Acrobat will be fixed in product updates in a week’s time, the company has said

Adobe has said it will issue updates to its Reader and Acrobat products on Tuesday 12 May, in a bid to fix recently discovered critical vulnerabilities.

At the end of April, Adobe issued an advisory warning about a JavaScript flaw in all currently supported versions of Adobe Reader, its popular PDF-viewing software. The vulnerability could let an intruder remotely execute code on a user’s machine, causing the application to crash and potentially allowing the attacker to take control of the affected system.

On Friday, David Lenoe from Adobe’s Product Security Incident Response Team (PSIRT) blogged that the company was in the process of fixing the issue and said the relevant product updates were scheduled to appear by 12 May.

“Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X,” Lenoe wrote.

The software maker has also confirmed the existence of another vulnerability, in Adobe Reader for Unix, Lenoe said. That flaw will also be remedied in the scheduled updates for Adobe Reader for Unix, he noted.

Lenoe advised users waiting for the updates to disable JavaScript in Reader and Acrobat in the meantime.

The vulnerabilities are the latest in a string of security flaws found in Adobe’s products. In March, Adobe patched a zero-day flaw in Reader that had led to exploits in the wild, while in February it had to issue a patch for a critical vulnerability in the Flash player.

In his post on Friday, Lenoe said that Adobe’s security team had been unable to “reproduce an exploitable scenario for Windows and Macintosh”, but said it would continue to investigate the issue.
