Issues of 2011 and predictions for the upcoming 2012

1. Introduction

When will we be free from various security threats?
We would rather not say "as usual", but this year we again suffered from various security threats, AS USUAL.
In this post we summarize the big issues that happened this year and forecast security threats for the coming year.
Due to constant hacking incidents, the importance of security threats keeps growing.
The trend in hacking is also changing, from hackers showing off to targeting financial gain.

* Review of 2011's big issues

1. Targeting SNS including Facebook and Twitter

With the increasing use of social network services, security threats against them are also booming.
Shortened URLs and fake e-mails were the most prevalent techniques for luring users.

* SNS(Social Network Service) is...

an online service, platform, or site that focuses on building and reflecting of social networks or social relations among people, who, for example, share interests and/or activities.

The following figure looks as if it was sent from Facebook; however, clicking [View This Wall Post] led the user to a malicious web site.

Using SNS to spread malicious files is the fastest, public, able to use shortened URLs, and . For these reasons, we must be careful when using the internet.

2. March 3: DDoS attack signature reported

On March 3, some South Korean web sites detected the signature of a DDoS attack. For this reason, INCA Internet (Security Response Center / Emergency Response Team) worked before and after that day. Furthermore, since the malicious file interrupted the update process of Korean Anti-Virus products, INCA Internet made and distributed another Anti-Virus product for separate use.
The following image shows the code for changing the update address of each Anti-Virus program.

The following list shows the targeted web sites.
These sites include web portals, e-commerce sites, public institutions and so on.


3. Spreading tampered files via file-sharing sites on weekends

Unlike past cases, malicious file creators tampered with certain web sites and used them as distribution points for malicious files, especially on weekends.
As a result, many users who visited file-sharing sites on weekends were suspected to be infected.
In addition, certain malicious files that infected system files or caused malfunctions on the system eventually produced a BSOD on the victim's screen.

[Warning] Variant malicious files changing Windows system files are increasing

[Warning] An error occurred on booting while being infected tampering system files.

4. Appearance of a P2P version of the finance-targeting ZeuS botnet

ZeuS and Spyeye, typical malicious files aimed at online banking web sites, continue to evolve.
As anti-virus companies made efforts to block ZeuS, it widened its activity range to P2P.

Image by abuse.ch

The latest version of ZeuS contains a list of infected IPs and can spread new malicious files via P2P. An infected PC can also update its ZeuS version if needed.
ZeuS and Spyeye spread via e-mail attachments, SNS and tampered web sites; therefore, users need to be careful when using the internet.

5. Fake Anti-Virus SW for Mac OS

Fake Anti-Virus software has been appearing since Apple's products gained popularity.
The most popular of these products is MacDefender, which is skillfully disguised as a real Anti-Virus product.

The following screenshot shows MacDefender displaying incorrect information to the user and inducing the user to pay to fix the supposed infection.

[Warning] Detected Fake Anti-Virus SWs (Mac Defender, Mac Security, Mac Protector) based on MAC OS

6. Security threats of SCADA, Stuxnet and Duqu

SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes.

Stuxnet is a computer worm discovered in June 2010. It initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

Duqu is a computer worm discovered on 1 September 2011, thought to be related to the Stuxnet worm. The Laboratory of Cryptography and System Security (CrySyS) of the Budapest University of Technology and Economics in Hungary, which discovered the threat, analyzed the malware and wrote a 60-page report, naming the threat Duqu.

These kinds of networks are well separated from outside access. However, connecting USB devices from outside and using the internet can introduce security threats to an isolated network.
A hacker named Pr0f said that we must be aware of the severity of SCADA security threats and of ICS (Industrial Control Systems)-CERT.

7. APT(Advanced Persistent Threat) issues

Advanced persistent threat (APT) usually refers to a group, such as a foreign government, with both the capability and the intent to persistently and effectively target a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage, but applies equally to other threats such as that of traditional espionage or attack.

Within the computer security community, and increasingly within the media, the term is almost always used in reference to a long-term pattern of sophisticated hacking attacks aimed at governments, companies, and political activists, and by extension, also to refer to the groups behind these attacks.

8. Rapid increase of Android malicious files

Since the second half of 2011, the number of Android malicious files has increased rapidly. Most of those files are generated in China or Russia.
However, we expect these Android malicious files to become a new security threat as the number of Android users increases.

[Information] Status for Android-based mobile malicious file

[Information] Android malicious application inducing charge for targeting various countries

[Warning] Identified malicious application disguised as a Battery Doctor

[Warning] Android malicious application which steals E-mail account and password has been reported.

Malicious Spyeye application for Android

9. Hangul (also known as Hangul Word Processor or HWP) exploit

Several HWP exploits have been reported.

Hangul (also known as Hangul Word Processor or HWP)

[Warning] HWP document file including malicious file

In the case of HWP document files, malicious file distributors used Zero-Day exploits for APT attacks.
Furthermore, because the document displays normal content, general users can hardly recognize whether their PC has been infected by a malicious file.

The following diagram shows the process of executing a file that contains an HWP exploit.

10. Malicious files tampering with BIOS and MBR

To survive longer and keep infecting, malicious files adopted various techniques.
One of the most prevalent is the rootkit, which has been reported infecting the BIOS and MBR, especially targeting certain users of South Korean online games.

BIOS(Basic Input Output System)

- The basic input/output system (BIOS), also known as the System BIOS or ROM BIOS, is a de facto standard defining a firmware interface.

MBR(Master Boot Record)

- It is a type of boot sector popularized by the IBM Personal Computer. It consists of a sequence of 512 bytes located at the first sector of a data storage device such as a hard disk. MBRs are usually placed on storage devices intended for use with IBM PC-compatible systems.

[Caution]Malicious file trying to tampering BIOS and MBR found.

Due to the nature of the BIOS and MBR, complete remediation by Anti-Virus software is difficult.
To use a PC safely despite these malicious files, users must use an MBR protection program such as INCA Internet's MBR Guard.

nProtect MBR Guard v2.0.1.4 (For Windows XP, Vista, 7)
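
The 512-byte MBR layout described above can be checked against a known-good copy to spot tampering. This is an added example, not code from INCA Internet or MBR Guard; the function names and the sample sector contents are constructed for illustration.

```python
import hashlib
import struct

BOOT_CODE_END = 446            # bytes 0..445 hold the bootstrap code
ENTRY_FMT = "<B3xB3xII"        # status, CHS, type, CHS, LBA start, sector count
ENTRY_SIZE = struct.calcsize(ENTRY_FMT)  # 16 bytes, four entries in the table
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the used partition entries of one sector."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for slot in range(4):
        status, ptype, lba, count = struct.unpack_from(
            ENTRY_FMT, sector, BOOT_CODE_END + slot * ENTRY_SIZE)
        if ptype != 0:  # type 0 marks an unused slot
            partitions.append((slot, status == 0x80, ptype, lba, count))
    digest = hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def compare_to_baseline(baseline: bytes, current: bytes) -> list:
    """List differences from a known-good copy; an empty list means no change."""
    try:
        cur = parse_mbr(current)
    except ValueError as exc:
        return [f"invalid MBR: {exc}"]
    base = parse_mbr(baseline)
    findings = []
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one bootable type-0x07 partition at LBA 2048."""
    table = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 204800) + bytes(ENTRY_SIZE * 3)
    return boot_code.ljust(BOOT_CODE_END, b"\x00") + table + BOOT_SIGNATURE


if __name__ == "__main__":
    clean = build_sample_mbr(b"CONSTRUCTED-BASELINE")
    print(compare_to_baseline(clean, build_sample_mbr(b"CONSTRUCTED-MODIFIED")))
```

On a real system the 512 bytes would be read from the raw disk device with administrator rights, and the baseline must be captured while the machine is known to be clean.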

11. Digital signatures of companies were used for malicious files.

A digital signature or digital signature scheme is a mathematical scheme for demonstrating the authenticity of a digital message or document. A valid digital signature gives a recipient reason to believe that the message was created by a known sender, and that it was not altered in transit.

Digital signatures are commonly used for software distribution, financial transactions, and in other cases where it is important to detect forgery or tampering.

The main reason for using a digital signature is to disguise a malicious file as a normal file.
The following figure shows the properties of an available digital signature.

12. Breached personal information of various public web portals, companies and online game companies

Many public web portals, companies and online game companies failed to protect the personal information of their users.
In addition, the leaked information was used for voice phishing and spam.

13. Attempted DDoS attack by tampering with a normal media player program

The DDoS attack on July 7, 2009 used a malicious file that was spread to the public by tampering with a file-sharing site.
More recently, another case has been reported in which a malicious file was injected into an installation file.
Since various new techniques are emerging, administrators need to make an effort to preserve the integrity of their web sites.

Spreading DDoS malicious file tampered with KMPlayer

* Predictions for upcoming 2012

First of all, social engineering will be the best way to spread malicious files. APT and Zero-Day attacks will also be big issues next year. To stay safe from these threats, Chief Security Officers must examine security holes thoroughly and prepare manuals for these possible threats. In particular, officers have to strengthen security training for internal staff to prevent data breaches.
The supply of Android-based smartphones will increase, and mobile-based services such as SNS will become more effective than this year. Therefore, users need to be more careful when using SNS.
Malicious files and their variants tied to social issues will be constantly generated. Various techniques for DDoS attacks will appear, including APT attacks.

Security management tips

1. Keep the OS and applications up to date with the latest security updates.
2. Use anti-virus SW from a trustworthy security company, keep its engine updated to the latest version, and use the real-time detection function.
3. Do not open or download attachments from suspicious e-mails.
4. Be cautious with links from instant messengers and SNS.
5. Scan downloaded files with anti-virus SW before executing them.

