10 March 2008

Cybercriminals profit from an actor's death


As soon as the world learned of the tragic death of actor Heath Ledger, who appeared in the films "Brokeback Mountain", "A Knight's Tale", "The Brothers Grimm" and others, his name began to be used as a social engineering tool and abused for selfish purposes. Within hours of the first news, the Trend Micro research group recorded the appearance of malicious web pages surfaced by search engines for queries about Heath Ledger.

For example: after clicking any of the search results, the user first lands on one of these "optimized" pages, which he will most likely never see in the browser.

The user is then redirected to another site, which offers a download of a "new version of ActiveX Object". As a result of the series of redirects, the user downloads malicious software such as troj_renos.lz or worm_nucrp.gen.

Moreover, there is reason to assume that these dangerous sites are hosted by one compromised Czech provider. Some servers located at its sites contain malicious JavaScript, detected as js_dloader.dat, which launches the same series of redirects as the links in the search results for Heath Ledger.

"The speed with which this attack was carried out after the actor's death shows that the attackers planned all their actions in advance and had all the malicious components ready," commented Michael Kondrashin, head of the Trend Micro competence centre in Russia and the CIS. "This clearly shows that behind the attack are mature criminal groups pursuing one and the same goal: making money. It does not matter what exactly is used to "hook" trusting users: a loud political scandal, a terrorist act or a natural disaster. Clearly, the loudest events in the future will be accompanied by similar web attacks."

Special-purpose networks, such as SCADA (Supervisory Control and Data Acquisition), have always had a high level of protection, achieved mainly through their total isolation from public networks.

Among "old school" security experts there was a joke that "the only truly reliable protection is a pair of wire cutters", eloquently making the point that if an indefinite number of people have access to a network, there is no point in speaking of sound protection.

That was always the case. First, such networks should under no circumstances be connected to the Internet. Even connecting via VPN or other virtual network infrastructure is unacceptable. The very idea of such connectivity runs counter to the spirit of security.

Unfortunately, specific policy decisions made over the past 15 years have led to a dangerous convergence of "public" and "private" networks in order to "minimize costs and optimize operations", and the companies that went along with this convergence are the ones responsible for operating networks vital to the world's population.

Password theft, fraud and other economic offences committed in the virtual world of the Internet are one thing. Switching off electricity in a particular region is quite another. It's no secret that in today's world there are forces interested in chaos and tension that cause severe damage to the population at large. These forces have at their disposal the same technology that is used to steal bank account passwords from unsuspecting users.

Mac users will find it useful to learn about the recently discovered MacSweeper program. While it is not harmful, it is extremely difficult to remove after installation.

MacSweeper claims that it scans the system and informs the user about security holes. It finds many "holes", but offers to fix them only if the user buys the full version of the program.

There is an official program called Mac Sweeper (two words, with a space).

It is doubly suspicious that visiting the program's site results in a scan of the user's computer and a security report listing folders that exist only on the Mac, even if the site is opened from a computer running Windows.

The website publishes general information about the company, which on the whole looks quite credible, except for one "but": until recently, the text was an exact copy of similar text on Symantec's site.

Trend Micro detects this program and classifies it as osx_macsweer.a.

Almost five years ago, the SQL Slammer worm should have made people understand that providing access to critical infrastructure resources via the Internet is a highly unfortunate idea.

But not everyone learns from the mistakes of the past. Most recently, several thousand pages on the Internet suffered from an attack (presumably SQL injection), endangering the personal data of hundreds of thousands of Internet users.

Worst of all, the intruders may get their hands on credit card data, identity details and other key documents of users who have no relation to those pages.

And today we learned of a new "underground" tool, sqlmap: an automated SQL injection tool developed entirely in Python. It is able to perform a comprehensive analysis of database management systems and to retrieve from remote databases user names, tables, columns and the full contents of a database, as well as read system files and much other information, by exploiting security holes in web applications that allow unauthorized SQL code to be executed.

This is very unpleasant news for the many sites whose SQL systems are still reachable via the Internet.

As a preliminary step, an SQL injection tool looks for a vulnerability in SQL systems behind public pages on the Internet. It does not require direct access to the SQL server; an intermediate interface, such as a CGI form, is enough.
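Why a form is enough, shown as an added example that is not part of the original post: the same form handler written with string concatenation and with a bound parameter. The table, field name and sample submissions are constructed for illustration, and an in-memory SQLite database stands in for the back-end SQL server.

```python
import sqlite3
from urllib.parse import parse_qs


def make_db():
    # Constructed sample data; stands in for a back-end database that is
    # never exposed to the Internet directly.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT, card TEXT)")
    db.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("alice", "4111-XXXX-0001"), ("bob", "4111-XXXX-0002")],
    )
    return db


def form_field(query_string, field="name"):
    # Decode one field of a form submission the way a CGI script receives it.
    return parse_qs(query_string).get(field, [""])[0]


def lookup_concatenated(db, query_string):
    # Weak form: the field value is pasted into the SQL text, so the value
    # can change the structure of the statement.
    name = form_field(query_string)
    sql = "SELECT name, card FROM customers WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, query_string):
    # Hardened form: the value is bound as data and is never parsed as SQL.
    name = form_field(query_string)
    sql = "SELECT name, card FROM customers WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


# Constructed form submissions (URL-encoded, as sent by a browser).
NORMAL = "name=alice"
TAMPERED = "name=x%27+OR+%271%27%3D%271"  # decodes to: x' OR '1'='1

if __name__ == "__main__":
    db = make_db()
    for label, qs in (("normal", NORMAL), ("tampered", TAMPERED)):
        print(label, "concatenated :", lookup_concatenated(db, qs))
        print(label, "parameterized:", lookup_parameterized(db, qs))
```

With the tampered submission, the concatenated query returns every row in the table, while the parameterized query returns none because no customer has that literal name.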
