By:
FACULTY OF ENGINEERING
AUGUST 2010
1. Identification of information system security cases
✓ Investigation
For the security vulnerability in the processing of file links (.lnk files)
within all supported Windows operating systems, Microsoft released a security
advisory; an update to eliminate this vulnerability is not yet available, though.
The company currently provides only a guide to deactivating a Windows
service as well as the defective processing routines for .lnk files, which
seems too complicated for most users and carries the risk of rendering the
system unusable through a small error. Additionally, the Start and quick start
menus show a standard icon for all programs after the procedure, which
decreases usability significantly.
✓ Investigation
With subject lines like “Reset your <domain name> password”, the emails
pressure users, advising that their domain password will be reset – unless they
click on a link to stop this from happening. And in an effort to trick even more
people, recipients who agree to a password reset are lured by the spammers to
click through on a link in the message to proceed.
What users do not see is that the link in the mail leads to a domain other
than the one shown in the message. Furthermore, while this web site is
apparently loading, users are automatically redirected to yet another site after
four seconds. During this time, a hidden so-called ‘iframe’ is loaded, a
technique often used to exploit security vulnerabilities in browser plug-ins and
outdated software in order to inject malware.
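A defender-side check for the three signs described above (displayed domain differing from the real link target, a timed redirect, a hidden iframe), added here as an example and not taken from the Avira report. The names `scan` and `LureScanner`, the finding labels and all sample domains are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I)
REFRESH_RE = re.compile(r"\s*(\d+)\s*;\s*url\s*=\s*(\S+)", re.I)

def same_site(shown, host):
    # Treat www.example.test and example.test as the same site.
    return host == shown or host.endswith("." + shown) or shown.endswith("." + host)

class LureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "a":
            self._href, self._text = a.get("href", ""), []
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_RE.match(a.get("content", ""))  # e.g. "4; url=http://..."
            if m:
                self.findings.append(("timed-redirect", int(m.group(1)), m.group(2)))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append(("hidden-iframe", a.get("src", "")))

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open <a>
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            host = (urlparse(self._href).hostname or "").lower()
            shown = DOMAIN_RE.search("".join(self._text))
            if shown and host and not same_site(shown.group(0).lower(), host):
                self.findings.append(("link-mismatch", shown.group(0).lower(), host))
            self._href = None

def scan(html):
    parser = LureScanner()
    parser.feed(html)
    return parser.findings

# Constructed samples; every domain is a placeholder.
MAIL = ('<p>Reset your example-corp.test password: '
        '<a href="http://login.mailer-update.test/r">www.example-corp.test/keep</a></p>')
LANDING = ('<meta http-equiv="refresh" content="4; url=http://third.test/">'
           '<iframe src="http://plug.test/x" width="0" height="0"></iframe>')
```

`scan(MAIL)` reports the link mismatch, and `scan(LANDING)` reports the four-second redirect and the zero-size iframe.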
✓ Investigation
The malware toolkit is basic and it creates quite static botnet drones.
Consequently, its detection and removal from infected computers proved to be
easy, since no advanced functions like rootkits or process self-protection are
used.
However, users should not underestimate the danger that comes with
BDS/Twitbot.E drones. If unsuspecting users infect their computers with it, the
criminal botnet operators can install any kind of malware and cause a lot more
damage.
Avira reports on ransomware that threatens to inform the public prosecutor's
office about pirated content on the PC, but in fact steals credit card data
Tettnang, 14 April 2010 – Currently active blackmail Trojans are using a new scam,
as the IT security specialist Avira reports. In order to avoid a complaint for
downloading illegal copies of copyrighted files, the victims of the ransomware are told
to pay about 400 USD to an alleged copyright organization.
✓ Investigation
The cyber criminals try to put pressure upon the victims whose
computers they infected, to make them pay in haste, without taking time to think
about it.
The anti-malware solutions from Avira detect the malware with the virus
definition file 7.10.06.65 as TR/Ransom.CardPay.A and
DR/Ransom.CardPay.A. The malware first searches the computer for any
torrent files, which indicate the use of peer-to-peer networks. Even if none are
found, warnings about pirated content found on the PC are displayed.
If the victims really want to pay the ransom, they are redirected to a
professionally designed website, where they have to provide their credit card
data. The site is forged and it clearly serves only to collect credit card data,
which is meant to be profitably sold to the criminal underground. Avira's
security experts strongly advise against giving such data to this site.
Avira is issuing a warning against phishing mails that are being used by
criminals in an attempt to access Skype logins
✓ Investigation
Users who enter their Skype login data on this website are then
diverted to the genuine download site to avoid arousing suspicion. However, the
attempted login reveals the user's access data to the attackers. The threat is
mainly to the credit on the user's Skype account, which can be used up. In
addition, the cybercriminals can send further phishing links or spam to the
user's contacts.
At present, the integrated phishing filters of the most commonly used web
browsers, such as Internet Explorer, Opera, Google Chrome or Firefox, do not
yet recognize the risky site and therefore do not issue an appropriate warning.
Throughout the month, the share of spam messages in mail traffic averaged
82.9%. Links to phishing sites were found in 0.03% of all email traffic. The most
popular social network Facebook usurped eBay’s 2nd place ranking in the list of
organizations most often attacked by phishers. Facebook accounted for 12.81% of
phishing messages, more than three times as much as in the previous month. The e-
commerce business PayPal remained in first place after being targeted by over half
(53.48%) of all phishing attacks.
✓ Investigation
The USA and India maintained their leading positions as the most popular
sources of spam: they distributed 1.5 times as much spam compared to June
(17.2% and 9% respectively). Europe caused the most noticeable change in
July’s rating with the UK, Germany and Italy all making it into the Top 10. The
total volume of spam originating from their combined territories increased by 50
percentage points compared with the previous month. Two newcomers to the
top twenty were high-tech Hong Kong (17th place with 1.8%) and Taiwan (19th
place with 1.3% of spam).
PayPal continues to be the most phished brand, followed at a long
distance by Facebook, which continues to be attacked heavily.
Because of the holiday season, many people started to buy games and spend more
time on social media websites, so the increase in attacks on such websites comes quite
naturally.
Note that the top 10 names have remained almost the same compared to June but
the amount of phishing has grown.
Most abused TLDs
Not much changed from last month, despite some
fluctuations in the top 5. Of some concern is the fact that the “.de” domain has reached
place 6 this month, stepping up 5 positions from June. The total share of 2.62% is so
small, though, that this may be normal fluctuation.
Extension statistics for malware URLs
The distribution did not change much from last month; the most important variations
were registered in scripts ending in JSP, CSS and ASP, and in the JPG extension.
Spam categories statistics
The spam mails sent in July were mostly Online Pharmacy related, followed by
Casino spam. Interestingly enough, Casino spam is increasingly sent in
German and less often in English. This is probably related to the fact that some
of our spamtraps are hosted on German servers; but it also means that spam was
better adapted to the “target audience mother tongue” in July 2010.
URL Shorteners used in malicious activities in July 2010
Since our statistics about URL shortener services abused in malicious activities
are new, there isn’t much that can be said about this category yet. It can be observed that
the URL shorteners are almost always the same for phishing and malware. There is little
variation, and the same websites are always in the top 5. The probable reason for
this is that the distribution is carried out by an organized group of people, almost always
the same one. Future statistics will show whether this is the case.
Notes:
http://www.avira.com/en/press_releases/index.html
http://www.securelist.com/en/analysis/204792134/Spam_report_July_2010
❖ The author presents the information as is, in English, as given by the
sources used; this is intended to avoid misunderstandings arising from the
author's limited language ability.