07.21
InfoSec Daily Podcast
ISDPodcast Episode 177 for July 21, 2010. Tonight’s podcast is hosted by Rick Hayes, Matthew Shoemaker and Karthik Rangarajan. In this episode we will discuss Copy Machine, Dell Malware, OISF & ZeuS.
Announcements:
MyHardDriveDied.com:
- MHDD Data Recovery Class current dates and locations:
- Dallas, TX – October 11th – 15th
- SANS: Drive and Data Recovery Forensics September 20th – 24th (https://www.sans.org/registration/register.php?conferenceid=21967)
- Washington, DC – December 6th – 10th
- Cost is $3500 for all classes. To reserve and register, call (678) 445-9007, email smoulton@nicservices.com, or go to http://www.myharddrivedied.com. Use the Discount Code: isdpodcast for a $300 discount.
SANS Mentoring Program:
- Jason Lawrence will be teaching the SANS Mentor Forensics 508 – Computer Forensics and Investigations course in Sandy Springs starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=21538). Use the Discount Code: isdpod15 for a 15% discount.
- Adrian Sanabria will be teaching the SANS Security 504 – Hacker Techniques, Exploits & Incident Handling in Knoxville, TN starting Tuesday, October 12, 2010 – Tuesday, December 14, 2010 (http://www.sans.org/mentor/details.php?nid=22258). Use the Discount Code: isdpod15KY for a 15% discount.
Atlanta ISSA:
- ISSA International Conference – September 16, 2010 (http://www.issa.org/page/?p=105)
SANS Community:
- SANS Security 560: Network Penetration Testing and Ethical Hacking – September 17-22, 2010 (http://www.sans.org/atlanta-2010-cs2/description.php?tid=3142)
9am-5pm US ET
Hilton Atlanta Airport Hotel
1031 Virginia Avenue
Atlanta, GA 30354
- Registration for these classes by Aug 4th offers both $400 Early Bird savings and registration for the ISSA Conference (existing members). All attendees also receive a one year ISSA membership. Use the Discount Code: isdpod15 for a 15% discount.
The Louisville Metro InfoSec Conference:
- Thursday, October 7th, 2010 at Churchill Downs (http://www.louisvilleinfosec.com)
Stories of Interest:
News Item 1: http://www.nbc12.com/Global/story.asp?S=12802532
Almost everyone has used a copy machine; they’re most likely at your job, or at your doctor’s or dentist’s office. They’re in almost every business and used several times a day. Copy machines can do just about everything these days. Now more than ever, though, many people are concerned that a quick photocopy can lead to someone stealing your identity. The secret is in the copy machine’s hard drive. Just like a computer, these machines can now store information. Chances are, the very image you copy could be saved to the machine’s memory.
“It has evolved over the last few years,” said Christopher. “Every year the manufacturers make a new machine with new features just like cars. They’re multi-functional devices. You can scan, fax, print, store information, and connect to the network security.” And the hard drive your documents are stored on isn’t too hard for hackers, or someone looking to commit identity theft, to get to. “You can remove a couple panels and see the hard drive,” said IT expert Tracy Short, with Cobb Technologies. “We remove two panels and there it is. Four more screws and you can have the hard drive out.”
News Item 2: http://en.community.dell.com/support-forums/servers/f/956/t/19339458.aspx
Dell is apparently warning customers that “a small number” of its PowerEdge R410 server motherboards may contain malicious software. “The potential issue involves a small number of PowerEdge server motherboards sent out through service dispatches that may contain malware,” according to a post on a Dell support forum. “This malware code has been detected on the embedded server management firmware.”
The malware issue affects a limited number of replacement motherboards in four servers, the PowerEdge R310, PowerEdge R410, PowerEdge R510 and PowerEdge T410 models, wrote Forrest Norrod, vice president and general manager of server platforms at Dell, in an email. It only potentially manifests itself when a customer has a specific configuration and is not running current antivirus software, Norrod wrote. “Dell is aware of the issue and is contacting affected customers. This issue does not affect systems as shipped from our factory and is limited to replacement parts only. Dell has removed all impacted motherboards from its service supply chain and new shipping replacement stock does not contain the malware,” Norrod wrote. Dell provided no further details on the malware, how it affects servers and potential ways to fix it, but said further details will be posted soon at Dell’s website.
News Item 3: http://www.openinfosecfoundation.org/index.php/download-suricata
The Open Information Security Foundation (OISF), a group funded by the U.S. Department of Homeland Security (DHS) and several security vendors, this week released an open source engine built to detect and prevent network intrusions. The somewhat oddly named Suricata 1.0 engine is touted as a replacement for the 12-year-old Snort open source technology that over the years has emerged as a sort of de facto standard for detecting and preventing intrusions. Snort currently claims close to 300,000 registered users and over 4 million downloads. Nearly 100 vendors have added Snort to network security devices. Earlier this month Amazon announced that it has selected Snort to deliver IPS protection for its Web services customers.
News Item 4: http://www.networkworld.com/news/2010/071310-zues-mastercard.html
The notorious ZeuS banking Trojan is showing off a new trick: Popping up on infected computers with a fake enrollment screen for the “Verified By Visa” or “MasterCard SecureCode Security” programs.
The real and legitimate Visa and MasterCard card-fraud prevention programs have cardholders use a password when making card-based purchases online as an additional means of security.
The Zeus Trojan, with its ever-growing capability to steal financial information and execute unauthorized funds transfers, has recently been seen attacking banking customers on infected machines by displaying a fake “Verified by Visa” enrollment screen, or its MasterCard counterpart SecureCode, trying to lure victims into a fraudulent online enrollment action that would end up giving criminals their sensitive financial data.


