Information security review 1/2012: Malware flourished early in the yearPublished 20.06.2012 The early 2012 saw the discovery of new malware, such as Flame and DNSchanger. Malware were not only found in the Windows environment but also in Mac computers and set-top boxes, for example.
The Flame malware discovered in May is apparently the most wide-spread and versatile data-stealing malware ever. The Flame allows the spying of a computer and its telecommunications and the stealing of data stored on the computer's hard disk. The Flame discovered in the Middle East was not found in Finland.
The DNSchanger malware alters the computer's name server configuration so that name server queries are directed to the name servers controlled by malware creators. This allows the criminals to steer the user's browser to the intended website. DNSchanger infections are rather rare in Finland.
A piece of ransomware requesting for money on behalf of the Police locked the users' computers and asked for a deposit for the removal of the locking. At the same time, the different versions of the same malware were spread elsewhere in Europe.
Even Mac computers could not avoid the infections. A botnet consisting of about 600,000 Apple computers that spread malware was discovered in April. Malware were not only discovered in computers but also in set-top boxes, broadband routers and other network-connectable devices.
Minor damage from information security breaches and denial-of-service attacks
Copyright associations, the websites of the public administration and big corporations have been the targets of protests, information security breaches and denial-of-service attacks in the net both in Finland and abroad. Despite the large number of attacks, the damage caused by them is small.
Alert and detection system of information security incidents to companies critical to the security of supply
FICORA and the National Emergency Supply Agency have launched an alert and detection system of information security incidents intended for companies critical to the security of supply. The first users were connected to the HAVARO system at the turn of the year. The number of users is expected to grow by the end of this year.
CERT-FI publishes an overview of information security every four months, which deals with the most significant threats to information security. The objective of the reviews is to support companies and organisations in their attempts to improve the management of information security risks. The CERT-FI information security review 1/2012 is available in Finnish at www.cert.fi. The English version will be published later.
Duty Officer of CERT-FI, tel. +358 9 6966 510
Ari Husa, Information Security Adviser tel. +358 40 722 3130