New Botnet Attacks

According to stories in today’s editions of the Washington Post and the New York Times, a new “botnet” attack has compromised more than 75,000 computers at about 2,500 companies and organizations in the US and elsewhere.  Although there have been attacks in the past that affected more computers, this attack appears especially sophisticated, and targeted at firms in the health care and technology industries:

The attack, which began in late 2008 and was discovered last month, targeted proprietary corporate data, e-mails, credit-card transaction data and login credentials at companies in the health and technology industries in 196 countries, according to Herndon [VA]-based NetWitness.

The infections were apparently discovered in late January, and made use of a variant of the ZeuS “Trojan Horse” malware.  The attacks appear to have been focused on stealing login and electronic banking credentials.

This is yet another example of how hacking activity on the Web has gone from something akin to adolescent vandalism to organized crime,   NetWitness said that the botnet, which they have dubbed “Kneber”, appears to have originated in Eastern Europe.   The chief executive of NetWitness, Amit Yoran, said,

“Cyber criminal elements, like the Kneber crew, quietly and diligently target and compromise thousands of government and commercial organizations across the globe.”

Unfortunately, the days when it was sufficient to just install an anti-virus program on each PC are long behind us.   Today’s attacks are not only much more sophisticated, but also tend to be targeted to get maximum payoff.

Security Updates for Older Firefoxen

Although Firefox version 3.6 has been released, there are probably quite a few users who have not yet upgraded from version 3.5.x; and there are possibly still some users with the 3.0.x versions.  Mozilla has released a set of security-related updates for these older versions.  For users of the 3.5.x series, the latest release is version 3.5.8, and the Release Notes are here, and installation files for all languages and platforms (Mac OS-X, Windows, and Linux) can be downloaded here.    The latest version in the 3.0.x series is now 3.0.18, and details of changes are in the Release Notes; however, the download link there is incorrect (it points to the 3.5.8 download page).  I’ll post a corrected link here when I am able to find one.

If you are still using these older versions, especially the 3.0.x series, I recommend that you plan to upgrade to the latest Firefox version, 3.6, as soon as you can.

News from Old Rocks

Back in 1969, a meteorite fell near the town of Murchison in the Australian state of Victoria.  More than 200 pounds of the meteorite, classified as a carbonaceous chondrite, were recovered quickly after it fell; its age is estimated to be about that of the Sun (4.65 billion years), or perhaps a bit older.  Since it was collected shortly after it fell, minimizing the chances of contamination, it was examined at the time for the presence of organic compounds, especially the types of compounds observed in the famous Miller-Urey experiment, such as amino acids.  Several organic molecules of this type were found in that initial examination.

The analysis of the meteorite has recently been updated, according to an article in Wired Science, and more sensitive analytical techniques have found a much larger assortment of organic compounds:

In a study published Monday in the Proceedings of the National Academy of Sciences [abstract], researchers turned the latest chemical analysis tools to a piece of the Murchison meteorite. Using techniques that measure mass down to a single electron, they found more than 14,000 different molecules.

These compounds could, in turn, be the building blocks for millions of other organic compounds.  In fact, the researchers, from the Helmholtz Center in Munich, say that the diversity of compounds they found, dating from the early days of the solar system,  exceeds the diversity found on Earth today.

The PhysOrg.com site also has an article on this research.