January 17, 2011

This Month in the Threat Webscape - December 2010


Month of December

Major Hits

December was completely flooded by the "Wikileaks case." Anonymous launched a series of DDoS attacks against "the enemies": the PayPal blog, Post Finance, EveryDNS, Mastercard and many others. Low Orbit Ion Cannon (LOIC) also showed strong potential.

Thanks to a vulnerability open to the world for 6 months, 1.5 million usernames, email addresses, and DES-encrypted passwords were released on Pirate Bay. Anonymous was involved again. Can you guess who we are talking about? Gawker Media did not receive good PR this time.

Once again, an undisclosed number of customers' private details such as email addresses, contact information, and birthdates were leaked from the McDonald's database. There were no burger giveaways though.


Browser and friends

Google reacted to the threats exploiting PDF and Flash. The Chrome sandbox, a Google technology, isolates an application from the rest of the operating system while tightly controlling its resources. The Chrome 8.0.552.215 update includes a new built-in PDF viewer that runs inside Chrome's sandbox, so PDF files are contained within the sandbox environment. Twelve vulnerabilities were fixed in this version. In mid-December, Google extended the sandbox to cover Adobe's Flash Player plug-in in its Chrome browser.

Two zero-day vulnerabilities were found in Internet Explorer. One of the vulnerabilities, CVE-2010-3971, allows remote attackers to cause a denial of service and execute arbitrary code via multiple @import calls in a crafted document. Details can be found here.

Mozilla released a security update to patch 11 vulnerabilities, 9 of which are rated "critical" because they can be used to run attacker code.

Apple shipped a new version of QuickTime Player with 15 security holes fixed.



On Black Tuesday in December 2010, Microsoft released 17 bulletins intended to patch 40 vulnerabilities across Windows, Office, Internet Explorer, SharePoint Server, and Exchange. Of the bunch, 2 bulletins were rated critical, 14 important, and 1 moderate.

In total, Microsoft delivered 106 security bulletins in 2010, the highest number in history.

Microsoft was also confronted with 2 zero-day vulnerabilities this month. The first vulnerability (CVE-2010-3971) targets the way Internet Explorer handles Cascading Style Sheets (CSS). The second vulnerability is found in the Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control. Both exploits can be used by remote attackers to take complete control of a vulnerable system.


Hello ThreatSeeker. You've got mail!

Spam levels declined in December compared with November 2010. There were 2 significant points in December.

First we saw a drastic decrease in the output of spam from bots, particularly Rustock. This became apparent during Christmas time.

An increase in spam output was seen on January 10. However, spam levels have still not returned to November levels.

Also significant in December was the New Year-themed spam output from a bot widely speculated as being associated with Waledac/Storm. Spammers were up to their usual social engineering tricks pushing out Happy New Year videos.

Security Trends

Gallup's 2010 crime survey found that computer-related crime is a growing problem for average Americans. Eleven percent of U.S. adults reported that during the past year, they or a household member were victims of a computer or Internet crime on their home computer. This is up from the 6% to 8% level found in the previous 7 years.

A new Android Trojan called Geinimi emerged from China at the end of December 2010, displaying botnet characteristics. The malware collects a significant amount of information from a user's Android smartphone and sends it to remote servers. The information it collects includes location coordinates and unique identifiers for the device (IMEI) and SIM card (IMSI).

On the topic of computer security for 2011, you may be interested to read our Threat Report, which details the threats that we predict will pick up pace in 2011. Read it here.


This month's roundup contributors:

  • Carl Leonard
  • Lei Li
  • Ivan Sabo
  • Ulysses Wang
  • Xue Yang


Forcepoint-authored blog posts are based on discussions with customers and additional research by our content teams.
