Week in security: NASA fails, Microsoft sneaks, Zeus phishing, cyber security fiction?

A look back at the week's biggest security-related news stories.

With botnets everywhere, DDoS attacks get cheaper
Cyber-crime just doesn't pay like it used to.Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics. "The barriers to entry in that marketplace are so low you have people basically flooding the market," said Jose Nazario, a security researcher with Arbor Networks. "The way you differentiate yourself is on price."

Sneaky Microsoft plug-in puts Firefox users at risk
An add-on that Microsoft silently slipped into Mozilla's Firefox last February leaves that browser open to attack, Microsoft's security engineers acknowledged earlier this week. One of the 13 security bulletins Microsoft released Tuesday affects not only Internet Explorer (IE), but also Firefox, thanks to a Microsoft-made plug-in pushed to Firefox users eight months ago in an update delivered via Windows Update.

Phishing attacks with Zeus Trojan targeting Outlook Webmail shops
Targeted phishing attacks aimed at getting Outlook Web Access users within enterprise organizations to download a Trojan designed to steal financial and account information is spreading fast. "It started yesterday, with more than 50 customers of ours receiving this e-mail and we've been targeted ourselves," says Mickey Boodaei, CEO of security firm Trusteer.

NASA network security torched
While NASA may be focused on keeping its manned space flight plans intact, apparently it has seriously neglected the security of its networks. Watchdogs at the Government Accountability Office issued a 53-page report pretty much ripping the space agency’s network security strategy stating that NASA has significant problems protecting the confidentiality, integrity, and availability of the information and variety of networks supporting its mission centers.

NetworkWorld Extra: 10 NASA space technologies that may never see the cosmos

Ford tech trade secrets stolen by China?

Despite the fact that the auto industry is going through some extremely tough times apparently doesn’t make foreign countries covet its technology any less. Case in point: A federal indictment was handed down this week charging ex-Ford engineer Xiang Dong Yu, aka Mike Yu of Beijing, China, with steeling 4,000 Ford documents containing a ton of trade secrets. He has been officially charged with theft of trade secrets, attempted theft of trade secrets and unauthorized access to a protected computer.

NetworkWorld Extra: Seven advanced car technologies the government wants now

Hacked Facebook apps lead to fake antivirus software
New applications are turning up on Facebook. Unfortunately, some of them are fake antivirus programs. While researching Web sites that host malicious software, Roger Thompson, chief research officer of software security company AVG, noticed something funny. A Russian Web site known for hosting malware was getting lots of referrals from Facebook.