by Constantine von Hoffman

India Hopes Paper Brochures Help Patch Cybersecurity Holes

Jan 25, 20133 mins

This week's IT security news roundup has stories on the Indian government's (ridiculous) plan to ship cybersecurity brochures with new computer hardware; Gozi malware arrests; new SCADA password cracking code; Android software vulnerabilities; and more.

In an effort to combat online crime, the Indian government will soon make retailers ship brochures on cybersecurity along with every piece of computer hardware sold in the country. The main objections to the plan focus, so far, on how difficult it will be to execute it and not on how stupid an idea it is in the first place.

According to the Economic Times of India:

“Hardware firms briefed about the government’s plan are concerned that they will be faced with a logistical nightmare, all for the sake of an archaic but well-intentioned step of doubtful effectiveness. If the government has its way, every desktop computer, mobile phone, modem or USB stick will have to come pre-packaged with what are called ‘Cyber Security Awareness Brochures’. The intention, much like with the statutory warnings on cigarette packets, is to draw attention to a grave threat.”

We all know how effective those warnings on cigarettes are.

Also in this week’s news:

Gozi Malware Arrests, Report Highlight Russian Cybercrime

  • (CSO) Feds charge Russian national over the Gozi Trojan that hit banks, new report shows 70% of exploit kits released or developed in Russia.

SCADA Password Cracking Code Available

  • (HelpNetSecurity) ICS-CERT has issued an alert about the existence and general availability of the proof-of-concept exploit code for a tool that can brute force passwords and thus gain access and control of programmable industrial control systems.

Android Malware Potentially Stole Up to 450,000 Pieces of Personal Data

  • (CSO) A fake app store that steals personal information on Android devices may have potentially stolen between 75,000 and 450,000 pieces of personal data such as contact details, according to security firm Symantec. Not long after Symantec discovered Android.Exprespam, the security firm acquired data that indicated more than 3000 visits were made to the fake app store called Android Express’s Play from 13-20 January.

Security Researchers Cripple Virut Botnet

  • (CSO) Many of the domain names used by a cybercriminal gang to control computers infected with the Virut malware were disabled last week in a coordinated takedown effort, Spamhaus, an organization dedicated to fighting spam, announced Saturday. The Virut malware spreads by inserting malicious code into clean executable files and by copying itself to fixed, attached and shared network drives. Some variants also infects HTML, ASP and PHP files with rogue code that distributes the threat.

College Student Expelled After Bringing Web Vulnerability to School’s Attention

  • (ThreatPost) A Canadian college student was expelled after reporting a vulnerability in the school’s Web site that potentially exposed private data on more than 250,000 students. The high-achieving computer science major, Hamed Al-Khabaz and another student, Ovidiu Mija, in November were developing a mobile app using Omnivox Web portal software when they discovered “sloppy coding” that could lead to a major data breach. Ominvox is used at hundreds of Canadian campuses, including theirs at Montreal’s Dawson College.

Red October Attackers Shutting Down C&C Infrastructure

  • (Threatpost) It appears that the attackers behind the Red October cyberespionage campaign are taking their ball and going home. Since the attack came to light on Monday, the attackers have begun shutting down their infrastructure and the hosting providers and registrars involved with some of the command-and-control domains are shutting those down, as well.