When such PDF files are viewed on vulnerable machines, they start downloading software from servers in Malaysia or Sweden, which are now being cleaned, he said. “There will be more such attacks.”

“We are worried about this case, as PDF attachments are typically not filtered at email gateways.”

A security update for Adobe Reader and Acrobat was made available a few days ago, but many users have not updated the program yet, Hypponen said.

The bug came to light after the NASA space agency warned employees of a spike in attacks that it said originated from advertisements placed on “well-known” but unnamed news sites.

“Real has created a patch for RealPlayer 10.5 and RealPlayer 11 that addresses the vulnerability identified by Symantec on 10/18,” said Russ Ryan, RealPlayer’s general manager for product development, in a posting to a company blog today.

NASA knew first

Late Thursday, Symantec released a warning to customers of its DeepSight threat network that said an ActiveX control installed by RealPlayer was flawed. When combined with Microsoft Corp.’s Internet Explorer (IE) browser — which relies on ActiveX controls to extend its functionality — the bug can be exploited and malicious code downloaded to any PC that wanders to a specially crafted site.

Only systems on which both RealPlayer and IE have been installed are vulnerable.

Symantec hinted that it first found out about the vulnerability by reading a blog that had posted information about the bug Wednesday morning. The blogger, identified only as Roger, claimed that NASA had warned workers not to use IE because of an unspecified problem with RealPlayer.

On Friday, agency spokesman Mike Mewhinney confirmed Roger’s account. According to Mewhinney, who works at the Ames Research Center south of San Francisco, the alert went out Tuesday. Employees were told of a surge in security problems at Ames and other NASA centers, and informed that systems running IE and RealPlayer had been infected, apparently by malicious code downloaded after visiting legitimate sites.

“Recent indicators point to well-known news sites which may be hosting advertisements from ad servers that redirect the users to malware hosting sites,” the NASA warning said. Workers were also instructed to limit their use of IE to browsing NASA’s intranets, and to “Use non Internet Explorer browsers, such as Mozilla Firefox, Opera, etc., for sites external to NASA.”

Symantec ranked the attack as a “10″ on its urgency scale because it confirmed that attacks were being conducted in the wild; those attacks had resulted in malicious code downloaded to victimized PCs. Originally, however, Symantec saw a silver lining, and said in the Thursday warning that: “We are not currently aware of widespread exploitation of this issue,” the company’s warning read.

But then…

By Friday, however, Symantec had changed its tune.

After retracing attacks on one of its honeypots, Symantec said the exploit code was embedded in advertisements served by 247realmedia.com, a New York-based digital marketing company that’s part of WPP Group PLC, a U.K.-based marketing giant with revenues of $12.1 billion in 2006. WPP may be better known for some of the 200+ companies under its logo, including ad agency J. Walter Thompson (now JWT), and the public relations company Hill & Knowlton.

The ads served by 247realmedia, Symantec continued, were shown on Tripod.com, the Web hosting service owned by Lycos. Anyone running IE on a PC with RealPlayer also on board whom then visited any Tripod-hosted site with the URL “name.tripod.com” would end up infected.

“To emphasize the severity of this attack, [the ad-called script] is embedded and called in every tripod.com user webpage,” said Symantec in the Friday follow-up analysis.

Other evidence, said Symantec, indicated that attacks had been going on since at least Oct. 8.

Multiple versions of RealPlayer install the ActiveX control, including the current 10.5 and the beta of Version 11, the only two versions that will be patched. Users running older editions — including RealOne Player, RealOne Player v2 and RealPlayer 10 — must first upgrade to 10.5 or 11 before applying the patch.

The RealPlayer 10.5 and 11 patches are to post to the RealNetworks security page before midnight (Pacific) on Friday.

Transport Minister K.N. Nehru inaugurated the sale at a function held at the Chinthamani supermarket on Sunday.

The cracker outlets will function from 9 a.m. to 9 p.m. on all days till Deepavali and adequate stock of crackers have already been procured.

A sales target of Rs. 35 crore has been fixed for the supermarket during the current financial year through its six branches at Kailasapuram, Subramaniapuram, Puthur and Teppakulam in the city and Mapparai and Kulithalai towns. The business done during the half-year stood at Rs. 19 crore.

Special arrangements have been made for the sale of essential commodities such as sugar, dhal, rava, maida, dalda and edible oil at the supermarket in connection with Deepavali. The supermarket’s annual turnover through the sale of controlled and non-controlled commodities was Rs. 45 crore, according to its Special Officer

A. Palanivel. MLAs Anbil Periasamy and K. N. Sekaran, Deputy Mayor M. Anbalagan, deputy registrar of Public Distribution System Sirajudeen were present.

Microsoft on Friday reported that it was looking into the incident, but denied that it was caused by any changes made to its Automatic Update client.

“We have been hearing some questions recently regarding Tuesday’s update release changing automatic updating settings,” wrote Nate Clinton, a Microsoft Update program manager, in a blog post. “We have received some logs from customers, and have so far been able to determine that their AU [automatic update] settings were not changed by any changes to the AU client itself and also not changed by any updates installed by AU.”

“We are still looking into this to see if another application is making this change during setup with user consent, or if this issue is related to something else. We are continuing the investigation, and as I have more information I will update this post,” wrote Clinton.

Clinton appealed for those “running into this issue” to “contact support, and they can walk you through the steps necessary to provide logs and other useful data” to Microsoft.

According to Lustiger, NAS carries the largest bulls-eye for hackers because of its reliance on well-known protocols. The clearly defined protocols can be easily studied to uncover weak spots, he said.

For example, a hacker could penetrate a NAS to discover and peek into file systems available for mounting, the process of adding a file system into an existing directory structure, he said.

The typical NAS system could also allow a hacker to use software clients to create spoof permissions to access data, Lustiger said. Such a compromise could allow a hacker to create bogus users with unique IDs, he added.

Hackers penetrating NAS systems can also build sniffing and password hashes; perform protocol downgrade attacks on Windows NT Lan Manager and LAN Manager authentication; and spy on clear text sent over Common Internet File System and Network File System protocols to “sniff” valuable data.

To help protect NAS and storage environments from prying eyes, Lustiger said IT storage personnel must regularly update server operating system security features to incorporate secure builds, patch processes and the latest malware definitions.

Unfortunately, he noted that storage administrators are often left out of IT security planning and implementation processes. “[Usually] the storage team doesn’t have the same relationship with the security group as the network guys do,” remarked Lustiger. “Very often, security is not involved with [storage] and that’s the problem.”

He said a common mistake made by storage administrators is to use nonsecurity storage devices as if they were security devices to help protect their storage infrastructure. As an example, Lustiger pointed out that Cisco System Inc.’s virtual LAN technology is often mistakenly deployed in this manner.

The hallmark of the Impact line in past versions has been automated penetration testing. But the latest version goes after network security penetration by breaking unsecured Web applications to see how far hackers can get once they have broken through your outer walls.

All of this is done without damaging the system.

“We want to make sure you prioritize and fix problems that are real and not fixing a false positive,” Susan Challenger, vice president of marketing for Core, told InternetNews.com. “Organizations have hundreds and hundreds of existing Web apps, many of which were built long before security was part of the development cycle. You can’t justify rewriting all of them but you know you have to go back and look for potential problems.”

Because most Web apps are custom built, there’s more variation, which requires greater variation in simulated attacks. Impact 7.5 lets the attack be customized on the fly while trying to break the security, and focuses on two types of attacks: Remote File Inclusion (RFI) and SQL Injection.

In both cases, Impact first analyzes pages to see which may be vulnerable to attack. It then generates SQL Injection and RFI attacks based on those results to prove whether the vulnerabilities pose actual threats.

Once inside a network, the Impact agent then behaves just as a hacker might once a system is compromised, exploiting the trusted status it has and probing the system until it finds valuable information or devices. At the same time, Impact is generating a report showing how far it’s successfully penetrated the network.

Core Impact v7.5 will be available within 30 days.

Damage to the business brand and reputation is the most feared consequence of corporate disasters among IT professionals (69 per cent), the figures suggest.

This is closely followed by loss of customer loyalty, impact to their competitive standing (both 65 per cent) and data loss (64 per cent).

The annual report also found that half of organisations have had to execute their disaster recovery plans, while 44 per cent of those without a plan in place have experienced a major incident.

The top reason for IT organisations creating a disaster recovery plan was natural disasters, with 69 per cent of respondents citing this. Fear of virus attacks motivated more than half of those surveyed, with a third giving war and terrorism as their main reason.

The international study questioned IT managers in large organisations in the UK and US, as well as Europe, the Middle East and South Africa.

The breach was disclosed in a letter to federal lawmakers, according to the AP.

The contractor told the agency that all personal information was deleted from the laptops, but TSA investigators found that an individual with data recovery skills could recover the personal information.

The contractor for the agency’s Hazardous Materials Endorsement Threat Assessment program is LexisNexis, the report said.

“TSA takes data security very seriously. The response to this incident is an example of the level of importance we give it,” the TSA said in a prepared statement. “Since this incident, we have mandated to all contractors that all data be encrypted in addition to normal deletion procedures already in place for contracts involving personally identifiable information.”

The TSA, a division of the US Department of Homeland Security (DHS), announced in May that it was investigating a missing external hard drive containing the personal information of about 100,000 employees.

The hard drive contained the names, Social Security numbers, birth dates and bank account, routing and payroll information of employees who worked at the agency between January 2002 and August 2005.

“This effectively allows the Storm author to segment the Storm botnet into smaller networks,” wrote Stewart in his blog post. “This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities. If that’s the case, we might see a lot more of Storm in the future.”

Fast-flux service networks are networks of compromised computer systems with public DNS records that are constantly changing, making it more difficult to track and control criminal activities, according to the Honeynet Project Research Alliance, a forum of honeypot research organisations. A honeypot is an system, often undefended, set up as a trap for attackers.

Stewart said that the good news is that security researchers can now distinguish encrypted Storm traffic from legitimate peer-to-peer traffic, making it easier for network administrators to detect Storm nodes on networks where firewall policies normally allow peer-to-peer traffic.

Antivirus vendor Sophos agreed that Stewart’s analysis of the use of encryption to segment the Storm network for the purposes of resale is “probably correct”.

“Storm’s use of encrypted traffic is an interesting feature which has raised eyebrows in our lab,” said Graham Cluley, senior technology consultant at Sophos. “Its most likely use is for the cybercriminals to lease out portions of the network for misuse. It wouldn’t be a surprise if the network was used for spamming, distributed denial of service attacks, and other malicious activities.”

The Storm botnet was initially created at the beginning of 2007 when the Storm worm was spammed out, hiding in email attachments with a subject line of “230 dead as storm batters Europe”. While it has continued to grow since then, it is difficult to gauge its true size as a large percentage of the infected machines are on ‘stand-by’, according to security expert Bruce Schneier.Schneier wrote in a blog post at the beginning of October that he was worried what Storm’s creators had in store for Phase II of the botnet. “Oddly enough, Storm isn’t doing much, so far, except gathering strength,” Schneier wrote, adding that: “Aside from continuing to infect other Windows machines and attacking particular sites that are attacking it Storm has only been implicated in some pump-and-dump stock scams. There are rumours that Storm is leased out to other criminal groups. Other than that, nothing.”

Schneier wrote that the Storm botnet authors had quietly been increasing the strength of the botnet by having small portions attacking other computers and then lying dormant, by using a yet-smaller fraction of the botnet to control compromised computers.

“Storm is designed like an ant colony, with separation of duties,” wrote Schneier. “Only a small fraction of infected hosts spread the worm. A much smaller fraction are command-and-control servers. The rest stand by to receive orders. By only allowing a small number of hosts to propagate the virus and act as command-and-control servers, Storm is resilient against attack. Even if those hosts shut down, the network remains largely intact, and other hosts can take over those duties.”

Over the time, we’ve learned that hackers can do just about anything if they have the right skills and the right tools. So, if they bypass GM security systems and gain access to the control panel for this technology, things could end up in a disaster! Also, malicious insiders could wreak havoc on the streets, by abusing this system.

And imagine what could happen if a hacker accesses the system and, instead of slowing down the engine, would actually reverse the process and increase velocity – now that would cause a lot of problems, probably death! Also, these systems are going to be controlled remotely, fact which means jamming stations could be put in place to avoid control. I don’t even want to think what could happen if a terrorist gained access to this system!

These are just a few possible things, and when GM releases this new technology, they need to think things through and be pay even more attention to aspects of security! But do not worry, this system isn’t something compulsory. You have to choose if you want it or not; furthermore, it’s not out yet – it’s going to be available in 2009. I hope that by then, they will have the time to improve security too. And I certainly hope that nothing of what I have predicted in this article is going to come true!