7/25/2008

Hackers get hold of critical Internet flaw

Filed under: — Aviran Mordo

Internet security researchers on Thursday warned that hackers have caught on to a “critical” flaw that lets them control traffic on the Internet.

An elite squad of computer industry engineers that labored in secret to solve the problem released a software “patch” two weeks ago and sought to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks.

“We are in a lot of trouble,” said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

“This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please,” Kaminsky said. “This is a big deal.”

Two “exploits,” software snippets that take advantage of the vulnerability, have been unleashed on the Internet in the past 24 hours, Securosis analyst Rich Mogull said during the conference call.

7/18/2008

New Worm Transcodes MP3s to Try to Infect PCs

Filed under: — Aviran Mordo

A new kind of malicious software could pose a danger to Windows users who download music files on peer-to-peer networks.

The new malware inserts links to dangerous Web pages within Advanced Systems Format (ASF) media files.

“The possibility of this has been known for a little while but this is the first time we’ve seen it done,” said David Emm, senior technology consultant for security vendor Kaspersky Lab.

Advanced Systems Format is a Microsoft-defined container format for audio and video streams that can also hold arbitrary content such as images or links to Web resources.

If a user plays an infected music file, it will launch Internet Explorer and load a malicious Web page which asks the user to download a codec, a well-known trick to get someone to download malware.

The actual download is not a codec but a Trojan horse, which installs a proxy program on the PC, Emm said. The proxy program allows hackers to route other traffic through the compromised PC, helping the hacker essentially cover their tracks for other malicious activity, Emm said.

The malware has worm-like qualities. Once on a PC, it looks for MP3 or MP2 audio files, transcodes them to Microsoft’s Windows Media Audio format, wraps them in an ASF container and adds links to further copies of the malware, in the guise of a codec, according to another security analyst, Secure Computing.

The .mp3 extension of the files is not modified, however, so victims may not immediately notice the change, according to Kaspersky Lab.

Trend Micro calls the malware “Troj_Medpinch.a,” Secure Computing named it “Trojan.ASF.Hijacker.gen” and Kaspersky calls it “Worm.Win32.GetCodec.a.”
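A defender can catch the mismatch described above, a file still named .mp3 whose content is an ASF container, by checking the first 16 bytes rather than the extension. The following is an added example, not code from the article or from any vendor named in it: the GUIDs and the Script Command Object layout come from Microsoft's ASF specification, the assumption that embedded links sit in that object is not stated on the page, and the function names and the sample file are constructed for illustration.

```python
import struct
import uuid

# GUIDs from the ASF specification, converted to on-disk byte order.
ASF_HEADER = uuid.UUID("75B22630-668E-11CF-A6D9-00AA0062CE6C").bytes_le
ASF_SCRIPT_COMMAND = uuid.UUID("1EFB1A30-0B62-11D0-A39B-00A0C90348F6").bytes_le

def _wstr(buf, pos):  # UTF-16LE string prefixed by its length in 16-bit units
    end = pos + 2 + 2 * struct.unpack_from("<H", buf, pos)[0]
    return buf[pos + 2:end].decode("utf-16-le", "replace").rstrip("\x00"), end

def script_commands(data):
    """Return (type, text) pairs from the ASF Script Command Object, if present."""
    out = []
    if len(data) < 30 or data[:16] != ASF_HEADER:
        return out
    header_size, count = struct.unpack_from("<QI", data, 16)
    pos, end = 30, min(header_size, len(data))  # sub-objects start after 30 bytes
    try:
        for _ in range(count):
            guid, (size,) = data[pos:pos + 16], struct.unpack_from("<Q", data, pos + 16)
            if size < 24 or pos + size > end:
                break  # malformed or truncated object: stop, never read past it
            if guid == ASF_SCRIPT_COMMAND:
                body = data[pos + 24:pos + size]  # 16-byte reserved GUID, then counts
                n_cmds, n_types = struct.unpack_from("<HH", body, 16)
                p, types = 20, []
                for _ in range(n_types):
                    name, p = _wstr(body, p)
                    types.append(name)
                for _ in range(n_cmds):
                    _time, idx = struct.unpack_from("<IH", body, p)
                    text, p = _wstr(body, p + 6)
                    out.append((types[idx] if idx < len(types) else "?", text))
            pos += size
    except struct.error:
        pass  # counts claimed more data than the file actually holds
    return out

def check_audio_file(name, data):
    """Report a file named .mp3/.mp2 whose content is really an ASF container."""
    hit = name.lower().endswith((".mp3", ".mp2")) and data[:16] == ASF_HEADER
    return {"file": name, "script_commands": script_commands(data)} if hit else None

def build_sample(url):  # constructed test input: bare ASF header, one URL command
    w = lambda s: struct.pack("<H", len(s)) + s.encode("utf-16-le")
    body = bytes(16) + struct.pack("<HH", 1, 1) + w("URL") + struct.pack("<IH", 0, 0) + w(url)
    obj = ASF_SCRIPT_COMMAND + struct.pack("<Q", 24 + len(body)) + body
    return ASF_HEADER + struct.pack("<QIBB", 30 + len(obj), 1, 1, 2) + obj
```

Any hit is worth reviewing on its own, since a genuine MP3 begins with an ID3 tag or an MPEG frame sync and never with the ASF header GUID.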

7/17/2008

Gmail Reveals the Names of All Users

Filed under: — Aviran Mordo

Have you ever wanted to know the name of admin@gmail.com? Now you can.

Through a bug in Google Calendar, the names of all registered Gmail accounts are now readily available. All you need to find out the name behind any Gmail address is a Google Calendar account of your own. Depending on your view, this ranges from a harmless “feature” to a rather serious privacy violation. According to some reports, spammers are already exploiting this “feature”/bug to send personalized spam messages.

7/16/2008

Norton 2009 products open to public beta

Filed under: — Aviran Mordo

On Monday, Symantec opened two of its Norton 2009 products to public beta. Both Norton Internet Security 2009 and Norton Antivirus 2009 feature new code that not only makes the scans and services run faster, but also consumes fewer system resources, says Tom Powledge, vice president of consumer product management.

As an example, Powledge said that where Norton Internet Security 2006 consumed roughly 300MB of hard-disk space, the 2009 version is coming in around 100MB. Symantec has achieved this, in part, by reducing a number of redundancies introduced over the years. For example, previous versions of NIS contained multiple copies of the antivirus signature database.

For antivirus protection, faster and lighter has been achieved by focusing only on the files that have changed. As hard drives fill with digital photos and songs–files that typically do not change–Norton is able to mark them as trusted and then ignore them on subsequent scans. Powledge says this results in big gains in speed, reducing the time it takes to scan large drives.

Also, in order to keep up with the ever-changing malware loose on the Internet today, the 2009 products will be updated every 15 minutes or so with new signature files.

NY man gets 30 months in prison for spamming AOL

Filed under: — Aviran Mordo

A Brooklyn man was sentenced to 30 months in prison on Tuesday for sending spam e-mails to more than 1.2 million subscribers of America Online in a scheme that foiled the Internet company’s spam-filtering system.

Adam Vitale, 27, was sentenced in federal court in Manhattan after pleading guilty more than a year ago to breaking anti-spam laws. He was also ordered to pay $180,000 to AOL in restitution.

Vitale was caught making a deal with a government informant to send junk e-mails — known as spam — that advertised a computer security program in return for 50 percent of the product’s profits, prosecutors said.

“Spamming is serious criminal conduct; this is not a teenager engaging in child’s play,” U.S. District Judge Denny Chin told Vitale as he sentenced him. Vitale earlier apologized and said he had learned a lesson.

7/15/2008

Researcher to demonstrate attack code for Intel chips

Filed under: — Aviran Mordo

Security researcher and author Kris Kaspersky plans to demonstrate how an attacker can target flaws in Intel’s microprocessors to remotely attack a computer using JavaScript or TCP/IP packets, regardless of what operating system the computer is running.

Kaspersky will demonstrate how such an attack can be made in a presentation at the upcoming Hack In The Box (HITB) Security Conference in Kuala Lumpur, Malaysia, during October. The proof-of-concept attacks will show how processor bugs, called errata, can be exploited using certain instruction sequences and a knowledge of how Java compilers work, allowing an attacker to take control of the compiler.

“I’m going to show real working code…and make it publicly available,” Kaspersky said, adding that CPU bugs are a growing threat and malware is being written that targets these vulnerabilities.

Different bugs will allow hackers to do different things on the attacked computers. “Some bugs just crash the system, some allow a hacker to gain full control on the kernel level. Some just help to attack Vista, disabling security protections,” he said.

The demonstrated attack will be made against fully patched computers running a range of operating systems, including Windows XP, Vista, Windows Server 2003, Windows Server 2008, Linux and BSD, Kaspersky said, adding that the demonstration of an attack against a Mac is also a possibility.

7/9/2008

Massive Internet flaw could let hackers take over the Web

Filed under: — Aviran Mordo

Computer industry heavyweights are hustling to fix a flaw in the foundation of the Internet that would let hackers control traffic on the World Wide Web.

Major software and hardware makers worked in secret for months to create a software “patch” released on Tuesday to repair the problem, which is in the way computers are routed to web page addresses.

“It’s a very fundamental issue with how the entire addressing scheme of the Internet works,” Securosis analyst Rich Mogull said in a media conference call.

“You’d have the Internet, but it wouldn’t be the Internet you expect. (Hackers) would control everything.”

The flaw would be a boon for “phishing” cons that involve leading people to imitation web pages of businesses such as bank or credit card companies to trick them into disclosing account numbers, passwords and other information.

Attackers could use the vulnerability to route Internet users wherever they wanted no matter what website address is typed into a web browser.

Security researcher Dan Kaminsky of IOActive stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants including Microsoft, Sun and Cisco to collaborate on a solution.

DNS is used by every computer that links to the Internet and works similarly to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

“People should be concerned but they should not be panicking,” Kaminsky said. “We have bought you as much time as possible to test and apply the patch. Something of this scale has not happened before.”

Kaminsky built a web page, www.doxpara.com, where people can find out whether their computers have the DNS vulnerability.

7/6/2008

Google and Yahoo’s Flash indexing is revealing… too much?

Filed under: — Aviran Mordo

Adobe’s announcement that Google and Yahoo! will be indexing Flash content at a much deeper level was met with all sorts of reactions last week, ranging from praise from the Flash and Flex communities to utter shock and horror from some HTML fundamentalists expressing fear that the end was nigh.

Well, it appears that Google has already started using this new indexing system and some Flash developers are not happy about how much it is revealing about their applications.

Peter Elst, a prominent Flash developer (disclaimer: and member of the Flash Pack on Pistach.io, of which I am a partner), just Twittered the following:

oh no, SWF indexing seems to do just as I feared — already noticed Google was picking up my test Flash SEO swf but it’s now exposing URLs

And posted his concerns on his blog, wherein he quotes Ryan Stewart from Adobe on what exactly is getting indexed:

… it will move through the states of your application, get data from the server when your application normally would, and it will capture all of the text and data that you’ve got inside of your Flash-based application.

Peter goes on to state why this could be dangerous:

The concern I have here is that URL requests to the backend will get indexed, those URLs getting exposed in search queries or spider bots hitting those URLs could cause issues. It’s not like in HTML content where the search engines can ignore form submit URLs, there is no such context in a HTTPService or URLRequest.

7/4/2008

Oops: ICANN’s Own Web Addresses Hijacked

Filed under: — Aviran Mordo

This doesn’t sound good: The nonprofit agency in charge of the Internet’s addresses recently lost track of its own.

The Internet Corporation for Assigned Names and Numbers, or ICANN, said it happened when an Internet registration company it oversees got fooled into transferring the domain names ICANN.com and IANA.com to someone else.

The attack was quickly noticed, and ICANN’s domain names were restored within 20 minutes. However, because many Internet directories retain information for a day or two, visitors could have been redirected to an unauthorized site for longer.

ICANN said Thursday that new, unspecified security measures should prevent such attacks in the future. The organization also said it was reviewing other security procedures.

The organization’s main sites at ICANN.org and IANA.org were not affected by the attack.

7/3/2008

IE 8 to have antimalware protection

Filed under: — Aviran Mordo

On Wednesday, Microsoft announced new security features within the upcoming release of Internet Explorer 8 Beta 2. The features are designed to combat the rising tide of drive-by downloads and malicious scripts contained within carefully crafted links embedded in e-mail and Web pages. Most of the new features require systems to be running Windows Vista SP1 or Windows XP SP3.

Perhaps the most anticipated addition is Internet Explorer’s new antimalware protection. Opera 9.5 and Firefox 3 both recently added antimalware protection. Safari has so far not announced plans for similar protection. Using mostly its own antimalware technology, Microsoft will block emerging threats by masking the entire IE 8 browser screen with a warning to users. The addition of malware protection to the existing antiphishing protection will be re-branded as the Microsoft SmartScreen filter.

IE 8 Beta 2 will have a Cross Site Scripting (XSS) filter, preventing scripts within a link from executing on the browser.

6/28/2008

Israeli hackers penetrate Hamas website

Filed under: — Aviran Mordo

Israeli hackers boasted Thursday about breaking into the website of Izz al-Din al-Qassam, Hamas’ military wing, which now displays a white screen and words in Arabic announcing technical difficulties.

The hacker group, which calls itself Fanat al-Radical (the fanatical radicals), also said that it broke into additional terror organizations’ sites and those of various leftist movements.

In a Ynet interview, a group representative who refused to reveal his name said, “We searched for relevant sites with the criteria we look for, whether leftist or anti-Zionist, and looked for loopholes. Our emphasis was always on the al-Qassam site.

“The criteria are defined as anti-Zionist or anti-Jewish sites that support or assist in harming Zionism and the existence of Israel as a Zionistic, Jewish state”.

According to him, the group consists of young adults from 16 to 18 years of age.

In addition to the Hamas military wing’s site, they also broke into the Balad political party site, that of the Hagada Hasmalit (the left bank), the Kibush (occupation) site and more.

The hacked sites are now equipped with an Israeli flag, the words of the Israeli national anthem “Hatikva” with vowels and pictures of Palestinian babies and children dressed as suicide bombers. A short explanation of why this specific site was broken into to begin with is also included.

The Left Bank site, considered by the group as “another site identifying with the left,” was broken into “due to its blatant anti-Zionist contents.”

6/25/2008

Adobe releases security updates for Reader, Acrobat

Filed under: — Aviran Mordo

On Monday, Adobe released a security update for a serious vulnerability within Reader and Acrobat. The vulnerability described in CVE-2008-2641 is being circulated on the Internet. Adobe says if exploited the vulnerability could crash applications and could allow an attacker to take control of the affected system.

The update affects Adobe Reader 8.0 through 8.1.2, Adobe Reader 7.0.9 and earlier, Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2, Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier. It does not affect Adobe Reader 7.1.0 and Acrobat 7.1.0.