"virus-like computer script" & credit card data theft

This issue's topics:

Introduction:

* Malware steals lots of data; Veritas, RealPlayer, Netscape & Java updates

Virus News:

* "virus-like computer script" implicated in credit card data theft

* Japanese nuclear power information leaked to Internet by "virus"

Security News:

* Increase in port 445 activity — MS05-027 worm in preparation?

* Multiple RealPlayer vulnerabilities fixed

* Critical Sun Java updates

* Netscape Browser 8.0.2 released

* Fixes for multiple critical vulnerabilities in Veritas backup software

Introduction:

Data on 40 million credit card transactions may have been compromised through the use of a "hacking tool" such as a remote access trojan or automated data-stealer, if unconfirmed reports about the CardSystems data theft from MasterCard, the largest affected credit card company, are to be believed. Another "data theft facilitated by malware" story, dwarfed by the CardSystems one, was the "leakage" of around 40MB of sensitive data and documents about more than 20 of Japan's power generating plants, including seven nuclear plants.

On the security front, important to critical updates for RealPlayer, Java, the Netscape Browser and Veritas Backup Exec are all covered, as is the suggestion that applying the MS05-027 SMB patch from this month's "Patch Tuesday" release may be becoming more urgent.

Virus News:

* "virus-like computer script" implicated in credit card data theft

Unless you've been sheltering under a (presumably rather cold and wet) rock for the last week and a bit, we assume you've heard and/or seen coverage of the reported exposure of around 40 million credit card transactions, including sufficient data for fraudulent use.

Although not mentioned in quite such explicit terms in the company's official press release (linked below), MasterCard's public relations spokesperson Sharon Gamsin is widely quoted across the media as saying the FBI was investigating how a "virus-like computer script that captured customer data" got into the computer systems at CardSystems Solutions. CardSystems Solutions has (perhaps not surprisingly) been more circumspect in its public announcements, pretty much limiting itself to confirming the bare minimum of facts.

As data from transactions involving some 13,000 New Zealand-based cards was included in the CardSystems exposure, we have also included a link to a local item covering this angle.

MC Identifies Security Breach at CardSystems Solutions — mastercard.com

Statement from CardSystems Solutions — cardsystems.com

Retailers may be left with bill from card fraud — computerworld.co.nz

* Japanese nuclear power information leaked to Internet by "virus"

Mitsubishi Electric Corporation of Japan has admitted that failure to follow its internal policies regarding the use of company data on staff's home or personal computers resulted in over 40MB of sensitive information about more than 20 Japanese power plants leaking to the internet. Included in the leaked data was information relating to seven nuclear power plants.

A 30-year-old engineer is said to have transferred the sensitive data to an external hard drive, which he then took home and connected to his personal computer to continue working from home. That PC was running Winny, P2P file-sharing software attached to one of the most popular P2P networks in Japan.

Earlier this year, in March, the engineer's home computer became infected with an (unidentified) virus, which enabled sharing of the data on the external drive via the P2P software. The Mitsubishi Electric official statement says that no classified nuclear power information was included among the data the engineer had taken home, but details of power plant staff, including names, birth dates and contact information, were among the data leaked by the virus via P2P.

Lax rules cited in leak of data on 20 power plants — asahi.com

Security News:

* Increase in port 445 activity — MS05-027 worm in preparation?

Several large-scale network monitoring organisations have reported a notable increase in scanning for port 445 over the last week or so. It is broadly speculated that the public availability of at least one functional exploit for the MS05-027 Server Message Block (SMB) vulnerability may be behind this, with malcontents planning to release a worm or other widespread attack (distribution of new bot-net agents, perhaps) and possibly preparing a "seed list" of accessible machines to improve the initial hit-rate of their attack.

If such an attack is imminent, installation of the MS05-027 patches becomes even more important, especially to organisations with "leaky borders". Don't forget that this includes contractors, consultants, other "visitors" and, of course, your own staff, who are allowed to carry a laptop into the organisation and plug it into the network without special checks or controls, thereby completely bypassing the network's boundary defences such as firewalls and IDSes.

Microsoft Security Bulletin MS05-027
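As an added illustration of the kind of monitoring that would surface the port 445 increase described above (example code written for this page, not from the newsletter or from any of the monitoring organisations it mentions), the script below parses constructed firewall deny lines in a hypothetical syslog-like format, counts the distinct sources probing TCP/445 on each day, compares the latest day against the median of the earlier days, and separately lists any single source that swept several of the monitored addresses, which is what "seed list" building would look like from the defender's side.

```python
"""Flag a surge in inbound TCP/445 probing from firewall deny logs.

Log format, sample data and thresholds here are all constructed for this
example; adapt the regex to the real firewall's syslog format.
"""
import re
from collections import defaultdict
from statistics import median

# Constructed sample deny lines (hypothetical format, not from the newsletter):
# three quiet days, then a marked increase on 2005-06-17, plus one malformed
# line that the parser must skip and two non-445 lines that must be ignored.
SAMPLE_LOG = """\
2005-06-14T03:12:01 fw DENY proto=TCP src=198.51.100.7 dst=203.0.113.10 dpt=445
2005-06-14T09:40:13 fw DENY proto=TCP src=198.51.100.8 dst=203.0.113.11 dpt=445
2005-06-14T11:02:44 fw DENY proto=TCP src=198.51.100.7 dst=203.0.113.12 dpt=445
2005-06-15T01:00:09 fw DENY proto=TCP src=192.0.2.20 dst=203.0.113.10 dpt=445
2005-06-15T08:22:31 fw DENY proto=TCP src=192.0.2.21 dst=203.0.113.10 dpt=445
2005-06-15T14:30:55 fw DENY proto=TCP src=192.0.2.22 dst=203.0.113.10 dpt=80
2005-06-16T02:10:00 fw DENY proto=TCP src=192.0.2.30 dst=203.0.113.13 dpt=445
2005-06-16T19:45:12 fw DENY proto=UDP src=192.0.2.31 dst=203.0.113.13 dpt=137
2005-06-17T00:01:00 fw DENY proto=TCP src=198.51.100.50 dst=203.0.113.10 dpt=445
2005-06-17T00:01:01 fw DENY proto=TCP src=198.51.100.50 dst=203.0.113.11 dpt=445
2005-06-17T00:01:02 fw DENY proto=TCP src=198.51.100.50 dst=203.0.113.12 dpt=445
2005-06-17T00:01:03 fw DENY proto=TCP src=198.51.100.50 dst=203.0.113.13 dpt=445
2005-06-17T00:01:04 fw DENY proto=TCP src=198.51.100.50 dst=203.0.113.14 dpt=445
2005-06-17T03:15:09 fw DENY proto=TCP src=198.51.100.51 dst=203.0.113.10 dpt=445
2005-06-17T04:20:10 fw DENY proto=TCP src=198.51.100.52 dst=203.0.113.10 dpt=445
2005-06-17T05:25:11 fw DENY proto=TCP src=198.51.100.53 dst=203.0.113.10 dpt=445
2005-06-17T06:30:12 fw DENY proto=TCP src=198.51.100.54 dst=203.0.113.10 dpt=445
2005-06-17T07:35:13 fw DENY proto=TCP src=198.51.100.55 dst=203.0.113.10 dpt=445
2005-06-17T08:40:14 fw DENY proto=TCP src=198.51.100.56 dst=203.0.113.10 dpt=445
2005-06-17T09:45:15 fw DENY proto=TCP src=198.51.100.57 dst=203.0.113.10 dpt=445
this line is deliberately malformed and must be skipped by the parser
"""

# One deny record per line: date prefix, host, verdict, then key=value fields.
LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2})T\S+ \S+ DENY proto=(?P<proto>\w+) "
    r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dpt=(?P<dpt>\d+)$"
)


def parse_line(line):
    """Return a dict for a well-formed deny line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def port_events(log_text, port=445, proto="TCP"):
    """Yield parsed records for the given destination port and protocol only."""
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["dpt"] == port and rec["proto"] == proto:
            yield rec


def distinct_sources_per_day(log_text, port=445):
    """Map each day to the number of distinct source IPs that probed the port."""
    per_day = defaultdict(set)
    for rec in port_events(log_text, port):
        per_day[rec["day"]].add(rec["src"])
    return {day: len(srcs) for day, srcs in sorted(per_day.items())}


def detect_surge(log_text, port=445, factor=3.0):
    """Compare the latest day against the median of all earlier days.

    Distinct sources, not raw packet counts, are used so that one noisy host
    retrying cannot trip the alert on its own.
    """
    counts = distinct_sources_per_day(log_text, port)
    if len(counts) < 2:
        return {"alert": False, "reason": "not enough days for a baseline"}
    days = sorted(counts)
    latest = days[-1]
    baseline = median(counts[d] for d in days[:-1])
    threshold = baseline * factor
    return {"alert": counts[latest] > threshold, "day": latest,
            "count": counts[latest], "baseline": baseline, "threshold": threshold}


def horizontal_scanners(log_text, port=445, min_targets=3):
    """Sources that probed at least min_targets distinct addresses on the port."""
    targets = defaultdict(set)
    for rec in port_events(log_text, port):
        targets[rec["src"]].add(rec["dst"])
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)


if __name__ == "__main__":
    print("distinct TCP/445 sources per day:", distinct_sources_per_day(SAMPLE_LOG))
    print("surge check:", detect_surge(SAMPLE_LOG))
    print("sources sweeping several hosts:", horizontal_scanners(SAMPLE_LOG))
```

The median baseline and the factor of three are deliberately crude; on a real perimeter you would tune them against a few weeks of history, and the horizontal-scan list is the more actionable output, since those are the addresses worth checking against the patch status of whatever they managed to reach.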

* Multiple RealPlayer vulnerabilities fixed

RealNetworks has released updates for most of its RealPlayer and RealOne Player media players across most supported platforms to address several serious to critical vulnerabilities. The worst of these expose users of the affected players to arbitrary remote code execution through buffer overflows in the players' handling of specially malformed media files such as .AVI and .MPG files.

The details of precisely which versions of the products are affected and the processes for obtaining and installing the appropriate updates are described in the RealNetworks security advisory linked below.

RealNetworks Updates Address Security Vulnerabilities — real.com

* Critical Sun Java updates

Two serious vulnerabilities in Sun Java have been fixed in recent updates. As described in the first of the Sun advisories (linked below), the versions of Java Web Start included in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 for Windows, Solaris and Linux are vulnerable to a privilege elevation vulnerability. Earlier versions of Java Web Start are said not to be vulnerable. This flaw could allow a Java application launched by Java Web Start to grant itself permission to read and write local files and perform other actions as the user that should not normally be available to Java applications.

The second vulnerability is a similar issue with untrusted applets running under the Java Runtime Environment and affects the Windows, Solaris and Linux versions of Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1, and J2SE 1.4.2_07 and earlier 1.4.2 releases. Sun's advisory says that J2SE 1.3.1_xx releases for Windows, Solaris and Linux are not vulnerable.

Tests for vulnerable versions and links to updates are available from the Sun advisories linked below.

Security Vulnerability With Java Web Start — sun.com

Security Vulnerability With Java Runtime Environment — sun.com

* Netscape Browser 8.0.2 released

Netscape has released version 8.0.2 of its browser. This update includes a fix for the Internet Explorer XML display problem and all the security fixes from Firefox 1.0.4 (which were also included in the 8.0.1 release). There are a few stability and other non-security bug fixes too, but this is probably not a compelling update apart from those affected by the IE XML issue.

Release Notes — netscape.com

Download The Netscape Browser v8.0.2 — netscape.com

* Fixes for multiple critical vulnerabilities in Veritas backup software

Security researchers at iDefense and NGSSoftware have discovered multiple serious vulnerabilities in various components of Veritas Backup Exec software. Most are remotely exploitable arbitrary code execution vulnerabilities, so they should be treated with some concern. Brief descriptions detailing which versions of what products are affected, and providing links to the recommended updates, are available in the six Veritas security advisories linked below. Note that at the time of writing the Veritas website was returning a blank page for the first of the linked advisories (VX05-001), so we have included a link to the original page in Google's cache in case that page is still not available.

VERITAS Software Security Advisories — veritas.com

VERITAS Software Security Advisories — veritas.com

VERITAS Software Security Advisories — veritas.com

VERITAS Software Security Advisories — veritas.com

VERITAS Software Security Advisories — veritas.com

VERITAS Software Security Advisories — veritas.com

Google's cached copy of VX05-001 advisory — google.com
