Trust that content?
The ISC and Fergie's Tech Blog are both reporting Microsoft was the target of a defacement. Someone who calls him/herself Cyber-Terrorist hit the website at ieak.microsoft.com. The server is not actually hosted by Microsoft, but it does use their domain services. The digital defacement site Zone-H shows the image of Bill Gates with pie on his face and the statement 'Owned by Cyber-Terrorist --Cyb3rT--'
Normally I don't find website defacements newsworthy; however, this is a great example of how even trusted websites can be compromised with hostile code. Had this been a bank, the attacker could have been sniffing web data. High-profile targets like the Dolphins Stadium, during Super Bowl XLI, have been used to infect the masses without their knowledge. It's not a stretch to suggest valid applications could be replaced with corrupted versions.
Please be cautious when visiting websites and entering details about yourself. Does the site you're visiting really need the information they're asking for? If not, I see no harm in falsification.
When downloading applications online, we suggest verifying the MD5 and SHA1 hashes if the author provided them. Every downloaded application, trusted or not, should also be run through an antivirus engine.
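One way to script the hash check suggested above, as an added example that is not part of the original post: it reads a hash list in the `md5sum`/`sha1sum` output format, picks the algorithm from the digest length, and passes only if every published hash for the file matches. The file name `setup.exe` and its contents are constructed sample values, and accepting SHA-256 as well goes beyond the two algorithms named above.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib algorithm name.
ALGO_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}

def parse_published(text):
    """Parse md5sum/sha1sum-style lines: '<hex digest>  <filename>'."""
    entries = []
    for line in text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if not digest or digest.startswith("#"):
            continue  # skip blank lines and comments
        digest = digest.lower()
        algo = ALGO_BY_HEX_LEN.get(len(digest))
        if algo is None or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"unrecognised digest: {digest!r}")
        entries.append((algo, digest, name.strip().lstrip("*")))
    return entries

def file_digests(path, algos, chunk_size=1 << 16):
    """Hash the file once, in chunks, with every requested algorithm."""
    hashers = {a: hashlib.new(a) for a in algos}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {a: h.hexdigest() for a, h in hashers.items()}

def verify_download(path, published_text):
    """Return (ok, failures); ok only if every published hash for the file matches."""
    wanted = [(a, d) for a, d, n in parse_published(published_text)
              if n == os.path.basename(path)]
    if not wanted:
        return False, ["no published hash"]
    actual = file_digests(path, {a for a, _ in wanted})
    bad = [a for a, d in wanted if not hmac.compare_digest(actual[a], d)]
    return not bad, bad

if __name__ == "__main__":
    # Constructed sample: a stand-in installer and the hash list its author would publish.
    path = os.path.join(tempfile.mkdtemp(), "setup.exe")
    with open(path, "wb") as fh:
        fh.write(b"constructed sample installer bytes")
    d = file_digests(path, ["md5", "sha1"])
    published = f"{d['md5']}  setup.exe\n{d['sha1']} *setup.exe\n"
    print(verify_download(path, published))
```

A matching hash only proves the file is the one the hash list describes: if the list is fetched from the same server as the download, whoever replaced the file could have replaced the list too.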
-----------------------------
A Shadowserver team member who uses the handle DigitalNinja has done an excellent whitepaper on Identifying Malware using fuzzy hashing. While I don't usually approve of white papers authored by people who won't identify themselves by their real name, this paper is pretty decent. The techniques aren't new; in fact, this was a hot topic at last year's Defcon convention in Las Vegas. I'd like to see more research done in this area.

Labels: Defacements, Whitepapers
