Week in review: PBS, Sony hacks, disruption of Chinese Google phishing attack

Here’s an overview of some of last week’s most interesting news and articles:

Fake YouTube notifications doing rounds
YouTube users are targeted with notifications supposedly sent by YouTube administrators and containing links to Canadian pharmacy sites, warns BitDefender.

Backdoor instructions for Allied Telesis switches leaked
A simple categorizing mistake has resulted in the publishing of an internal Allied Telesis document that reveals how to set up backdoor accounts for the company’s switches. Indexed by Google, it was spotted, downloaded and posted to a file sharing site.

PBS website hit by hacktivists, its database leaked online
The hacktivist group behind the Fox breach seems to have made good on its promise to “own more things next week” – they have targeted the PBS website during the weekend. The hit was made in retaliation for the PBS’ Frontline documentary about Bradley Manning and WikiLeaks, which they feel has not done justice to the young army private.

25 years of mobile security
This year marks the 25th anniversary of my first foray into mobile security. True story.

Phishing forms on Google Docs
Google Docs is a handy online service for creating various types of documents that are hosted by the company in their cloud and can be made accessible to the greater public. But, as it turns out, the service is not only handy for regular users, but for phishers as well.

Data center IT departments fear targeted attacks
IT departments are now turning to virtualization, with half of the respondents having either implemented or are planning to deploy private clouds, according to a McAfee study.

Iran aims to exchange the global Internet for a national one
The Iran government is increasingly unsatisfied with the influence the Internet is exercising on the country’s citizens despite its censorship efforts and is planning on setting up a national Internet disconnected from the World Wide Web, reports the Wall Street Journal. The initiative is the result of government’s deep-seated belief that the West – especially the US – are using the Internet to insidiously “poison” Iranian minds with Western ideas and culture.

Romanian president declared dead by e-mail scam
BitDefender discovered a spam wave using the Romanian president’s image to help spread malware. The unsolicited e-mail relies on a classic combination of social engineering tricks: promised photo content and attention-grabbing events.

Social networking safety tips for kids
ESET’s seven golden rules for parents and children for online security.

Employee-owned mobile devices are riskiest
More than half of information technology leaders in the US believe that any employee-owned mobile device poses a greater risk to the enterprise than mobile devices supplied by the company, according to a new member survey by ISACA. Yet 27 percent still believe that the benefits outweigh the risks.

US will consider cyber attacks as acts of war
The US is finally working on a formal strategy on how to deal with cyber attacks against its networks, systems or infrastructure, and so far it seems it is one that will concentrate on deterrence.

Facebook users targeted with OS aware fake AV attack
Fake AV peddlers have begun using Facebook to drive traffic to the malicious site that tries to trick users into believing their computer is infected.

Google disrupts phishing attack against government officials, political activists
An attack apparently coming from Jinan – the capital of China’s Shandong province – against personal Gmail accounts belonging to hundreds of users has been spotted and disrupted by Google.

More US military contractors hit by cyber attacks
It seems that the floodgates have opened. Following the confirmed attack against Lockheed Martin’s computer networks comes the news that two more US military contractors have suffered attacks to their systems.

26 trojanized apps pulled from Android Market
26 applications containing a variation of the DroidDream Trojan have been found on the official Android Market and are believed to have been downloaded by at least 30,000 users. Lookout researchers believe that they were created and uploaded by the same developers who were behind the original DroidDream onslaught back in March.

Auto-dialing Trojans migrate to Android devices
Auto-dialing malware has migrated from Symbian devices to Android ones, warns NetQin Mobile researchers. The Trojan has been spotted embedded in over 20 Android applications offered for download on various online forums, including Donkey Jump, Jungle Monkey, Gold Miner, Voice SMS, Drag Racing and others.

Apple security update bypassed after 8 hours
It took only eight hours for the malware developers behind the MacDefender and its variants to come up with a way to bypass the security update pushed out by Apple. The malware developers have changed tack: a downloader program is installed first, and it then retrieves the actual malicious payload.

Sony hit again, data from 1 million user accounts leaked
LulzSec, the hacker group behind the Fox and PBS breaches, has struck again. This time the target was SonyPictures.com.

Stolen passwords used as bait in malware spam run
At the rate at which databases of various online services are currently being compromised, I expect that emails such as this latest one spotted by Symantec will become a common occurrence.