Researchers Find Massive Botnet On Nearly 2 Million Infected Consumer, Business, Government PCs

Researchers have discovered a major botnet operating out of the Ukraine that has infected 1.9 million machines, including large corporate and government PCs mainly in the U.S.

The botnet, which appears to be larger than the infamous Storm botnet was in its heyday, has infected machines from some 77 government-owned domains -- 51 of which are U.S. government ones, according to Ophir Shalitin, marketing director of Finjan, which recently found the botnet. Shalitin says the botnet is controlled by six individuals and is hosted in Ukraine. .. More >>

Computer Spies Breach Fighter-Jet Project

WASHINGTON -- Computer spies have broken into the Pentagon's $300 billion Joint Strike Fighter project -- the Defense Department's costliest weapons program ever -- according to current and former government officials familiar with the attacks.

Similar incidents have also breached the Air Force's air-traffic-control system in recent months, these people say. In the case of the fighter-jet program, the intruders were able to copy and siphon off several terabytes of data related to design and electronics systems, officials say, potentially making it easier to defend against the craft. .. More >>

Conficker worm hits University of Utah computers

SALT LAKE CITY (AP) — University of Utah officials say a computer virus has infected more than 700 campus computers, including those at the school's three hospitals.

University health sciences spokesman Chris Nelson said the outbreak of the Conficker worm, which can slow computers and steal personal information, was first detected Thursday. By Friday, the virus had infiltrated computers at the hospitals, medical school, and colleges of nursing, pharmacy and health.

Nelson says patient data and medical records have not been compromised.

"That's secured in a much deeper way because of the implications," he said.

Nelson said the virus is mainly attacking personal computers and could be siphoning login and password data, credit card numbers and banking information.

Directions for purging the virus from personal computers and equipment like thumb drives, digital cameras and smart phones has been distributed to staff and students.

Information technology staff shut of Internet access for up to six hours at some campus locations Friday so they could isolate the virus. They were expected to work through the weekend to eradicate it from the system. .. More >>

Some articles on penetration testing

Six hours to hack the FBI

5 free penetration testing tools

Cost effective penetration testing

Core Impact penetration testing tool (not free)

Electric Power Grid Vulnerabilities

The following is a collection of news articles (non-exhaustive) on the vulnerabilities of the power grid and alleged penetration. Click the titles of the articles below for further information.

Simulated attack points to vulnerable power infrastructure (Sept 28,2007)

Critical infrastructure often under attack (Nov 11, 2008)

Power grid is found susceptible to cyberattack (March 21, 2009)

Electric Grid in US Penetrated by Spies (April 8, 2009)

China denies attack on US power grid (April 9, 2009)

 

Senate bill would give feds bigger cybersecurity role in private sector

Legislation calls for new security standards for government and critical infrastructure systems
By Jaikumar Vijayan

April 1, 2009 (Computerworld) Two U.S. senators are proposing legislation that would give federal officials significant new authority to create and enforce data security standards both for government agencies and key parts of the private sector.

The Cybersecurity Act of 2009, which was introduced by Sens. Olympia Snowe (R-Maine) and Jay Rockefeller (D-W.Va.), would empower the National Institute of Standards and Technology (NIST) to establish "measurable and auditable" security standards for all networks and systems run by federal agencies, government contractors and businesses that support critical infrastructure services. In addition, NIST would be charged with developing a standard for testing and accrediting software built by or for those groups.

The bill also calls for the creation of a national cybersecurity adviser's office within the Executive Office of the President. Under the proposal, the new operation would be modeled after the Office of the U.S. Trade Representative and have the power to compel federal agencies to comply with government security mandates.

According to a statement posted on Snowe's Web site Wednesday, the new legislation is aimed at reinforcing ongoing cybersecurity efforts within the government while also ensuring that proper safeguards are implemented for critical infrastructure targets within the private sector, such as banking and power systems. .. More >>