Lost+Found: worms, lists, rootkits, passwords, fish
Too short for news, too good to lose; Lost+Found is a round up of useful security information: Analysis of an iPhone worm, threat lists, Windows rootkits, password japes and fish on bank websites.
- Specialists at SRI International thought the iKee.B iPhone worm, which hit iPhones back in November, worthy of analysis. They found that it was the first smartphone malware able to form large botnets.
- The Web Application Security Consortium (WASC) has released version 2.0 of its WASC Threat Classification catalogue. The list describes standard vulnerabilities and attack types and illustrates them with examples.
- According to observations from Microsoft, rootkits infiltrate 64-bit Windows systems much less frequently than 32-bit systems. Driver signing and kernel patch protection appear to be having an effect.
- Password? How many guesses do I get? A Comic strip on Wondermark.com explains.
- A brief anecdote from Germany: A heise reader noticed a fish symbol as the favicon in his browser's address bar on the log in page for his credit card account at Landesbank Berlin. A fish symbol might, however, seem a little out of place on a log in page, associated as it is with phishing. Enquiries by heise Security, The H's associates in Germany, revealed that it is simply the logo of credit card service provider Atos Origin – which shouldn't actually be there at all. It has now been replaced by the Sparkasse bank logo.