The IT Security Blog Roundup

No sign of e-jihad

Posted November 12, 2007

Maybe it’s time for a sigh of relief. The much rumored “cyber-jihad,” scheduled for Sunday, never took place.

Most security researchers dismissed, or at least downplayed, the threat in the days leading up to the scheduled Nov. 11 event, but I’d bet there was – and likely is – at least one person working for the federal government taking the threat seriously.

F-Secure’s Mikko Hypponen has a write-up on the company blog, stating, “Cyberterrorism is not a problem. But it does make for cool movie scripts.”

And Peter Coogan at Symantec Security Response filed this post, listing the tale of the tape between e-Jihad vs. Storm Worm. Guess who won?

Here’s a hint, from Coogan’s post:

“Comparing the e-jihad and Storm techniques mentioned above clearly shows that the ‘cyber terrorists’ in this case are well behind the cyber criminals.”


Filed under: Emerging Threats, Trojans

More Mac trojan variants

Posted November 9, 2007

We’d be lying to you if we were to use the words “Mac trojan” and “epidemic” in the same sentence.

While an in-the-wild trojan was found for OS X last month, and it now appears not to be alone, it’s also not fair to say Mac exploits are everywhere – at least not yet.

Here’s a link to F-Secure’s blog, where they detail a number of variants found in the wild recently.


Filed under: Apple, Trojans

Harry Potter, and last week’s other IT security news

Posted June 25, 2007

Looking back, what a strange bunch of news we had last week – and by strange, I mean that SC Magazine covered a little bit of everything.

First, a lot of IT pros are likely scratching their heads wondering if the iPhone’s release is going to be a career-changing event, and not in a good way.

Researchers and analysts last week were cautious of the iPhone. Here’s another take from a Symantec researcher:

“Projections made by various analysts suggest that iPhone adoption will be quite high. This allows attackers to target a larger audience with malicious code designed to run on the devices. The Safari browser and HTML email capabilities of the device could present an ideal attack vector. As recently demonstrated, Safari can be affected by vulnerabilities just as easily as other browsers on the market. While Apple may patch these holes on both the desktop and mobile platforms, the question is will users who have to pay for data transfers be willing to download large security updates on a regular basis?”
- Marc Fossi, Symantec Security Response Weblog, “Dialing for trojans”

The conventional wisdom used to be that malware authors would try to reach as many end-users as possible to spread viruses, worms, trojans or the malware of the day.

But now, attackers may be taking a page from marketers and forgoing attempts at global mass-attacks in favor of targeted, language- and custom-specific attacks to spread malware through a specific region.

Last week we saw the “Italian Job” trojan attack, spread mostly through use of the Russian-gang-controlled MPACK toolkit.

Here’s what Exploit Prevention Labs had to say about the trojan that ran amok through the boot-shaped country this month.

“The most important thing to keep in mind about this attack using compromised hosts and the MPACK exploit toolkit is that there is nothing unique save for the number of hosts involved. A year ago, the popular exploit toolkit was WebAttacker from Inet-Lux. The same many-to-one approach of using multiple compromised hosts to redirect to a singular malicious site was popular. Also, both WebAttacker and MPACK can serve up several exploits based on the visitor’s configuration…Prior to this ‘Italian Job’ we’ve been seeing MPACK use in the wild exploding this year. However, there are other toolkits out there, and there is no shortage of malicious talent to construct new ones. Whoever advertises the highest anticipated rate of infection will have a chance to become the weapon of choice. Moving forward, I’m sure we’ll see further larger-scale attacks play out either with MPACK or another toolkit.”
- Robert Freeman, Frequency X, “Reflecting on an ‘Italian Job’”

And what would a recap of last week’s news be without Harry Potter? The boy wizard was at the center of an information security controversy of his own, as a hacker claimed to have penetrated the networks at Bloomsbury Publishing and found out the end of the hugely popular series.

Most experts think the reported hacking was a fake; here’s the good word from Security-Protocols:

“If what (hacker) ‘Gabriel’ says is true, then that means tons of new spoilers for the book are now available online and we are going to have a lot of very upset Harry Potter fans. The spoilers the hacker gives away basically tell who dies in the last book…We also have to remember that potential troll posts like this one have occurred on two previous Harry Potter books, both of which were not true.”
- Security-Protocols, “Harry Potter and the Deathly Hallows hacked?”


Filed under: Breaches, Browser flaws, Email Security, Emerging Threats, Groundbreakers and newsmakers, Trojans, Vulnerabilities, Worms

On Julie Amero’s big day

Posted June 6, 2007

There’s one news story that everyone in the IT security world is talking about today: Julie Amero, a Connecticut substitute teacher convicted in January of allowing her students to see pornography on a class computer, was granted a new trial. (That’s just an expression. Some people, I’m sure, are also talking about IBM acquiring Watchfire.)

A number of security experts came to her aid in the past half-year, showing that this was a case of badware instead of a bad teacher.

While no one is jumping for joy just yet, there’s definitely a well-deserved sense of accomplishment on some information security blogs.

And I’d specifically like to point out Sunbelt Software’s blog, which has full coverage of the event.

“As you can imagine, I’m very pleased at the outcome of Julie Amero’s sentencing today. However there’s still the specter of a new trial, and so the show isn’t over yet. This event was a testament to the power of a community of people coming together in a common cause. One day, perhaps someone will write a story of this experience. It’s certainly been one of the more amazing events in my career.”
- Alex Eckelberry, Sunbelt Software blog

“As expected, the judge presiding over the Julie Amero trial has decided a new trial is the way forward. This would suggest the whole thing is going to be then speedily dismissed. It also possibly means that those who screwed up the first time round don’t have to stand accountable for their actions, but oh well…The important thing to remember here is that someone’s life was pretty much destroyed because of some spyware and adware – infection files that (let’s not forget) were pretty low down on the “danger scale,” yet still managed to stir up the biggest s***storm I’ve seen in some time.”
- paperghost, Vitalsecurity.org


Filed under: Education, Trojans

How bad is Badbunny?

Posted May 23, 2007

OpenOffice user? Worried about Badbunny?

In case your RSS feeds are acting up, Badbunny is a multiplatform malware sent to Sophos that exploits a hole in OpenOffice, the open source productivity suite.

Here’s an additional viewpoint on the malware from Vinoo Thomas at McAfee Avert Labs who argues that OpenOffice users should relax.

While the malware seems nasty, it’s likely a hacker wrote it and sent it to Sophos just to show off his or her virus-writing skills.

“In all likelihood this virus will not be seen in the wild. Such proof-of-concepts are written more to show off the so-called elite skills of the author and are usually submitted to anti-virus vendors by the virus authors to get media attention,” said Thomas. “Nowadays with all the keen media interest in computer security, all it takes is to add a bell or whistle and a little proof of concept makes headlines.”


Filed under: Apple, Email Security, Trojans, Vulnerabilities, Worms

A Microsoft look-alike

Posted May 4, 2007

Now, why would Microsoft need my credit card information when I paid for my PC with my debit card? No, wait, why would they need it at all?

The bad guys are hoping users at home don’t think that when they see this new malware, pointed out by the Security Response researchers at Symantec today.

The social engineering techniques it uses are the same old, same old. But what immediately catches the eye is the pains attackers took to make it look like an actual Microsoft message.

It asks end users to punch in their credit card and personal information to assure the company of their purchase. And this ogre won’t let you past without the info.

The key is to be a little tricky. The trojan wants personal information, but it’ll settle for any personal information – so just make something up.


Filed under: Microsoft, Trojans

Cybercriminals start World War III (scam)

Posted April 9, 2007

Like practically every newsperson I’ve ever met, I like to stay up on the national and international news, even though the chances are slim to none that it will affect my own beat that day.

Unfortunately, it’s not just reporters and editors who want the average person at home to stay informed. Attackers also have a stake in end-users staying cognizant of the news of the world – especially in this age of the emailed news alert.

Take the latest hacker scheme playing on current events: an emailed alert saying that U.S. or Israeli armed forces have launched an assault on Iran, touching off a wider regional conflict in the Middle East.

Of course it’s not true, at least not yet. But with Iran’s recent abduction of 15 British servicepeople and rising tensions over the Islamic Republic’s nuclear ambitions, it just could be true, couldn’t it? The attackers are hoping that you, informed citizen, will want to click on the conveniently provided link to find out more.

The F-Secure research team’s blog and the incident log of the SANS Internet Storm Center have more information on the scam, and the malware it’s trying to disseminate.


Filed under: Lawbreakers, Phishing, Spam, Trojans, Vulnerabilities

Cybercriminals ‘Crazy’ for still using Britney photos?

Posted April 4, 2007

Britney Spears was back in the headlines today – but not for marital troubles, custody battles or outrageous antics.
Britney was a topic du jour of information security bloggers. Why? Cyberattacks are trying to lure unsuspecting web users to malicious sites by claiming to have racy photos of the former Mrs. Federline, all to infect innocent PCs with malware.

To do this, the bad guys are assuming home users have the pre-partyhopping-with-Paris version of Britney on their minds more than yesterday’s emergency ANI patch for Windows.

Roger Thompson, the CTO and research chief at Exploit Prevention Labs, has been keeping a vigil on ANI developments in recent days, saying “most” of the exploits are using Britney lures.

Believe it or not, it’s not the first time Britney’s graced the (web)pages of SCMagazine.com. A 2005 study by Panda Labs reported that she was the image most used to spread malware, and she’s popped up as a cover for trojans, worms and rootkits since.

So, are cybercriminals and malicious hackers obsessed with Britney Spears? Think of them as paparazzi interested in stealing personal information.


Filed under: Browser flaws, Patch Management, Patch Tuesday, Phishing, Rootkits, Trojans, Vista, Vulnerabilities, Worms
