Saturday, June 30, 2012

RiskRanker : A New malware detection technique



For many years, mobile security experts have been fighting an uphill battle against malware, which has been steadily and dramatically increasing in both volume and sophistication. Well, NQ Mobile's Mobile Security Research Center, in collaboration with North Carolina State University disclosed a new way to detect mobile threats without relying on known malware samples and their signatures. 
 
"In the current scenario malicious software is present in the marketplace, ready to create havoc as soon as it is downloaded onto a device. Malware is discovered only after it has done irreversible damage. Existing mobile anti-virus software is inadequate in its reactive nature, relying on known malware samples for signature extraction. RiskRanker crushes the mean motives of the culprit by detecting any malicious content while it is still in the app market."

RiskRanker is a unique analysis system that can automatically detect whether a particular app exhibits dangerous behavior. It differs from other malware tools by identifying apps with risky behavior while they are in the app market and before they make their way to a user's phone.

"RiskRanker employs a unique two-step method of discovering malware," said NQ Mobile's Vice President of Research, Dr. Simon Shihong Zou.

In a trial run earlier this year RiskRanker scanned over one hundred thousand apps from a variety of marketplaces that provide Android applications and identified 718 malware threats, including 322 zero-day threats. "The development of RiskRanker is another demonstration of NQ Mobile's leadership in mobile security and privacy," said NQ Mobile Chief Product Officer, Gavin Kim.

Zemra Botnet Leaked, Cyber Criminals performing DDoS Attacks




The Zemra DDoS Bot is currently sold in various forums for about 100 € and detected by Symantec as Backdoor.Zemra. Zemra first appeared on underground forums in May 2012.
This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server.
Zemra uses a simple panel that gives an overview of all the statistics the operator needs. Two graphs show the number of active machines and their geographic region, alongside online statistics and further details. All online Socks5 proxies can be viewed and exported to a list. Traffic is encrypted and protected using AES, and each client communicates with a uniquely generated key.

A brief feature list:
• Intuitive control panel
• DDoS (HTTP / SYN flood / UDP)
• Loader (download and run)
• Cheat visits (inflates page views)
• USB spread (spreads through flash drives)
• Socks5 (sets up a SOCKS proxy on the infected machine)
• Update (updates the bot)
• The bot process cannot be terminated because it is marked as critical
• 256-bit AES encryption of traffic from the bot to the server
• Anti-debugger
• Bots from a particular country can be selected to perform a job



After inspecting the source code, Symantec identified two types of DDoS attack implemented in this bot: HTTP flood and SYN flood.

"To reduce the possibility of being infected by this Trojan, Symantec advises users to ensure that they are using the latest Symantec protection technologies with the latest antivirus definitions installed," Symantec wrote in a blog post.

Anonymous Hacks Japanese Government Websites against Anti-Piracy Laws in Japan



Japan’s legislature has approved a bill revising the nation’s copyright law to add criminal penalties for downloading copyrighted material or backing up content from a DVD. The penalties will come into effect in October. The Upper House of the Japanese Diet approved the bill by a vote of 221-12, less than a week after the measure cleared the lower house with almost no opposition. Violators risk up to two years in prison or fines of up to two million yen (about $25,000).
 
Hacker activist group Anonymous has attacked Japanese government websites, and is threatening further action in protest at new stiffer penalties for illegal downloading that were passed in a copyright law amendment.

A Twitter feed, @op_japan, associated with the hacking collective Anonymous claimed responsibility, reacting to the country's new anti-piracy bill. The new law outlines jail terms for those who download copyrighted content.

The finance ministry’s website was hacked on Tuesday, with messages opposing the stricter copyright laws posted on a number of its pages. The sites of the Supreme Court of Japan and the Intellectual Property High Court were also reported down overnight, while access to the sites of the two main political parties was said to be restricted. The websites of Japan's Finance Ministry, Supreme Court and political parties DPJ and LDP - are now back up.

"To the government of Japan and the Recording Industry Association of Japan, you can now expect us the same way we have come to expect you in violating our basic rights to privacy and to an open internet," concluded the message from Anonymous.

"We are aware of the Anonymous statement referring to the new copyright law, but we don't know at this point if the cyber-attacks are linked to the group," said Takanari Horino, a Ministry of Finance official, at a press conference. "We are investigating where the illegal item came from," he added.

According to the Recording Industry Association of Japan, 4.36 billion files were illegally downloaded in the country in 2010. In early June, members of Anonymous staged protests in 16 cities in India against what they said was internet censorship in the country. India's Madras High Court has since changed its earlier censorship order, which centred on the issue of internet copyright, making it once again possible for web users to access video and file-sharing sites, including The Pirate Bay.

Operation Card Shop : FBI Arrested 24 Credit Card Cyber Criminals



The FBI has arrested 24 cybercriminals as part of an international law enforcement operation aimed at arresting and prosecuting the users of a sting site called “Carder Profit”. The suspects, collared after a two-year investigation dubbed "Operation Card Shop," allegedly stole credit card and banking data and exchanged it with each other online.

“We put a major dent in cybercrime,” she said. “This is an unprecedented operation.” In the sting, which they called Operation Card Shop, undercover investigators created an online bazaar to catch buyers and sellers of credit card data and other private financial information. They also targeted people who clone and produce the physical credit cards that are then used to buy merchandise.

Some CarderProfit users apparently learned of the involvement of the feds months ago. A Twitter user with the name @JoshTheGod wrote back in April that the site “has informants and most likely to be believed as a Federal Sting.”


Names of the arrested cybercriminals:
  • MICHAEL HOGUE - xVisceral
  • JARAND MOEN ROMTVEIT - zer0
  • MIR ISLAM - JoshTheGod
  • STEVEN HANSEN - theboner1
  • ALI HASSAN - Badoo
  • JOSHUA HICKS - OxideDox
  • MARK CAPARELLI - Cubby
  • SETH HARPER - Kabraxis314
  • CHRISTIAN CANGEOPO - 404myth
Many of the 11 individuals arrested in the United States offered specialized skills and products on the sting site. One, who used the screen name xVisceral, offered remote access tools known as RATs that would spy on computers and web cameras; the programs sold for $50 a copy.
 
Federal officials maintained that the operation prevented potential losses of more than $200 million. Credit card providers were notified of more than 400,000 compromised credit and debit cards, the officials said.

"As the cyber threat grows more international, the response must be increasingly global and forceful," Manhattan U.S. Attorney Preet Bharara said. Bharara called the crackdown the "largest coordinated international law enforcement action in history" directed at criminals who use the Internet to traffic in stolen credit cards and bank accounts.

Operation Card Shop is the latest in a long string of cybercrime initiatives carried out by the FBI. In January, the agency shut down file-sharing site Megaupload after its staff was charged with copyright violations (inviting a retaliatory strike from Anonymous). Late last year, the FBI announced the arrest of six Estonian citizens after they were charged with using malware to infiltrate Internet advertising services.

Yet another cybercrime-friendly community was targeted in the operation, although the press release does not discuss the matter. The community in question, Fraud.su, currently returns an index page placed there by U.S. law enforcement agencies. The operation appears to be widespread, as the website of the UGNazi group (UGNAZI.com) has also been defaced by U.S. law enforcement agencies.

US officials said the operation prevented losses of $205m (£131m) from debit and credit cards.

Hacker made calls worth £10,000 from public phone


 

Computer expert Dariusz Ganski, of Sunny Bank, Kingswood, used a router to tap into BT phone boxes and made hours of calls to expensive numbers. He ran up £10,000 in premium-line bills and has been jailed for 18 months.

Prosecutor David Maunder commented: "Police located the vehicle and they found Mr Ganski with two laptop computers and numerous mobile telephones."
 
Bristol Crown Court heard that the 27-year-old committed his crimes to get electronic credits for music and on-line games, while still on licence from prison for almost identical offences.

Ganski made 648 calls, totalling nearly 43 hours, from a phone box in Kelston, North East Somerset. BT was alerted to unpaid calls costing them about £7,700 on that box.

He said: “Your counsel says you’re intelligent. What a waste that what you really do is go round defrauding companies in this way.

Two LulzSec members admit targeting websites



Two British members of the notorious Lulz Security hacking collective have pleaded guilty to a slew of computer crimes, in the latest blow against online troublemakers whose exploits have grabbed headlines and embarrassed governments around the world.

LulzSec members Ryan Cleary, 20, and Jake Davis, 19, pleaded guilty in a London court to launching distributed denial of service (DDoS) attacks last year against several targets, including the CIA, the Arizona State Police, PBS, Sony, Nintendo, 20th Century Fox, News International and the U.K.'s Serious Organised Crime Agency and National Health Service.

Ryan Cleary, from Essex, United Kingdom, was arrested by the Metropolitan Police on June 21, 2011 and charged with violating the Computer Misuse Act and the Criminal Law Act 1977. He was accused of being a member of LulzSec but was not a member of that group, although he admitted that he ran one of the IRC channels they used for communicating. He also faces prosecution for joining other members of LulzSec in using hacked computers, known as a "botnet", to steal confidential information, deface websites or attack servers.
 
Jake Davis, an 18-year old man suspected of being "Topiary" was arrested in the Shetland Islands on July 27, 2011. On July 31, 2011, the man was charged with five offences including unauthorised computer access and conspiracy to carry out a distributed denial of service attack on the Serious Organised Crime Agency's website. Scotland Yard later identified the man arrested as Yell, Shetland resident Jake Davis.

Police confiscated a Dell laptop and a 100-gigabyte hard drive that had 16 different virtual machines. The hard drive also contained details relating to an attack on Sony and hundreds of thousands of email addresses and passwords were found on the computer. A London court released Davis on bail under the conditions that he live under curfew with his mother and have no access to the Internet. His lawyer Gideon Cammerman stated that, while his client did help publicize LulzSec and Anonymous attacks, he lacks the technical skills to have been anything but a sympathizer.

The name LulzSec is a combination of the internet slang word 'lulz' or 'lols', a distorted acronym meaning 'laugh out loud', and an abbreviation of 'security'.

Their method was to flood websites with so much traffic that they would crash, otherwise known as distributed denial of service (DDoS) attacks. Davis and Cleary plotted to carry out the attacks with other unknown members of the internet groups Anonymous, Internet Feds and LulzSec. To achieve this, they used a remotely controlled network of "zombie" computers, known as a "botnet", capable of being programmed to perform the attacks.

Davis admitted conspiring to carry out a “denial of service” attack on the Serious Organised Crime Agency. He also admitted hacking the NHS website. Cleary confessed to four charges, including hacking into US Air Force Agency computers based at the Pentagon.

The hackers repeatedly humbled law enforcement, stealing data from FBI partner organization InfraGard, briefly jamming the website of Britain's Serious Organised Crime Agency, and publishing a large cache of emails from the Arizona Department of Public Safety.

But both denied two charges that they had posted "unlawfully obtained confidential computer data" to sites such as the Pirate Bay and Pastebin.

Members of LulzSec and its reputed leader, known as Sabu, were some of the best known in the movement. But in March, officials in the United States unmasked Sabu as an F.B.I. informant named Hector Xavier Monsegur, and officials on both sides of the Atlantic arrested roughly half a dozen people who were suspected of collaborating.

Alleged co-hackers Ryan Ackroyd, 25, and a 17-year-old A-level student from south London deny their involvement in the attacks and will stand trial with Davis and Cleary in April 2013.

RSA SecurIDs Get Cracked In 13 Minutes



Major corporations, government agencies and small businesses all hand out RSA SecurID fob keychains to employees so that they can log in to their systems securely. If you’re used to seeing a device like this on a daily basis, you probably assume that it’s a vital security measure that keeps your employer’s networks and data secure. A team of computer scientists beg to differ, however, because they’ve cracked the encryption it uses wide open.
 
In a paper called “Efficient padding oracle attacks on cryptographic hardware,” researchers Romain Bardou, Lorenzo Simionato, Graham Steel, Joe-Kai Tsay, Riccardo Focardi and Yusuke Kawamoto detail the vulnerabilities that expose the imported keys from various cryptographic devices that rely on the PKCS#11 standard.

They managed to develop an approach that requires just 13 minutes to crack the device’s encryption. RSA Security, a division of the data storage company EMC, is one of the largest makers of the security fobs. A spokesman for the company, Kevin Kempskie, said that its own computer scientists were studying the paper to determine “if this research is valid.”

Commonly referred to as the ‘million message attack,’ it usually requires an average of 215,000 queries to reveal a 1024-bit key. The refined method suggested in the paper improves the algorithm and only requires an average of 9,400 calls to reveal the same key. They accomplished this by using a theorem that allows not only multiplication but also division to be used in manipulating a PKCS#1 v1.5 ciphertext to learn about the plaintext. The paper says that "the attacks are efficient enough to be practical."

Among the other vulnerable devices are SafeNet's iKey 2032 and Aladdin eTokenPro, Siemens' CardOS and Gemalto's CyberFlex (92 minutes). Also vulnerable is the Estonian electronic ID card, which contains two RSA key pairs.
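As an added illustration (not code from the paper, RSA or any of the vendors named), the toy Python below builds a deliberately tiny RSA key, shows the padding-conformance check whose result such a device leaks, and demonstrates the multiplication and division steps on a PKCS#1 v1.5 ciphertext that the refined attack relies on; the hardened unwrap at the end shows the mitigation of never signalling a padding failure. The primes, key size and sample key are constructed assumptions, far too small for real use.

```python
import os

# Constructed toy RSA key from two Mersenne primes, 2^61-1 and 2^89-1.
# This is NOT a realistic key size; it is chosen so the arithmetic is easy to follow.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (19 here)


def pkcs1_v15_pad(msg):
    """EME-PKCS1-v1_5 type 2 block: 00 02 <nonzero PS, at least 8 bytes> 00 <msg>."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = b""
    while len(ps) < ps_len:               # padding bytes must all be nonzero
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b != 0)
    return b"\x00\x02" + ps + b"\x00" + msg


def is_conforming(block):
    """The check a naive unwrap exposes: is this a well-formed type 2 block?"""
    if len(block) != K or block[:2] != b"\x00\x02":
        return False
    sep = block.find(b"\x00", 2)
    return sep != -1 and sep >= 10       # at least 8 nonzero padding bytes


def encrypt(msg):
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def raw_decrypt(c):
    return pow(c, D, N).to_bytes(K, "big")


def leaky_oracle(c):
    """Models a device that reports padding failure: one bit about m per query."""
    return is_conforming(raw_decrypt(c))


def multiply_ciphertext(c, s):
    """RSA malleability: Dec(c * s^e mod n) == s * m mod n.  The attacker never
    needs the private key to produce a ciphertext of a chosen multiple of m."""
    return (c * pow(s, E, N)) % N


def divide_ciphertext(c, s):
    """The 'division' step: multiply by the inverse of s, giving m * s^-1 mod n."""
    return multiply_ciphertext(c, pow(s, -1, N))


def hardened_unwrap(c, key_len):
    """Mitigation: never reveal whether the padding checked out.  On failure return
    random bytes of the expected length so every query looks alike (timing aside)."""
    block = raw_decrypt(c)
    if is_conforming(block):
        key = block[block.find(b"\x00", 2) + 1:]
        if len(key) == key_len:
            return key
    return os.urandom(key_len)


if __name__ == "__main__":
    wrapped = encrypt(bytes(range(1, 9)))
    print("original conforming:", leaky_oracle(wrapped))
    print("2*m conforming:     ", leaky_oracle(multiply_ciphertext(wrapped, 2)))
    print("hardened unwrap of 2*m:", hardened_unwrap(multiply_ciphertext(wrapped, 2), 8).hex())
```

Each answer from `leaky_oracle` on a multiplied or divided ciphertext narrows the range in which m can lie, which is exactly the information the attack accumulates; `hardened_unwrap` gives the caller no such signal.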

Drones can be hijacked by terrorist, Researchers says Vulnerability Exist



Fox News is reporting that researchers say that terrorists or drug gangs, with the right kind of equipment could turn the drones into “suicide” weapons.
 
A University of Texas researcher illustrated that fact in a series of test flights recently, showing that GPS "spoofing" could cause a drone to veer off its course and even purposely crash. This is particularly worrisome given that the US is looking to open US airspace to drones for domestic jobs, including police surveillance or even FedEx deliveries.

In other words, with the right equipment, anyone can take control of a GPS-guided drone and make it do anything they want. Spoofers are a much more dangerous type of technology because they actually mimic a command from the GPS system and convince the drone it is receiving new coordinates. With his device, which Humphreys calls the most advanced spoofer ever built (at a cost of just $1,000), he was able to override the signal from space with a more powerful signal from the device.

Congress recently passed legislation paving the way for what the FAA predicts will be somewhere in the region of 30,000 drones in operation in US skies by 2020. Critics have warned that the FAA has not acted to establish any safeguards whatsoever, and that Congress is not holding the agency to account.

PayPal will Pay Security Researchers for finding Vulnerabilities


Payment services provider PayPal will reward security researchers who discover vulnerabilities in its website with money, if they report their findings to the company in a responsible manner.

If you manage to find a security flaw in any of PayPal’s products, you may be entitled to a cash reward. "I'm pleased to announce that we have updated our original bug reporting process into a paid 'bug bounty' program," PayPal's Chief Information Security Officer Michael Barrett said in a blog post on Thursday. While Barrett disclosed vulnerability categories, he did not say how much cash the firm will be offering.

PayPal plans to categorize reported bugs into one of four categories:
  • XSS (Cross Site Scripting),
  • CSRF (Cross Site Request Forgery),
  • SQL Injection or
  • Authentication Bypass
 Researchers need to have a verified PayPal account in order to receive the monetary rewards.
 
"I originally had reservations about the idea of paying researchers for bug reports, but I am happy to admit that the data has shown me to be wrong - it's clearly an effective way to increase researchers' attention on Internet-based services and therefore find more potential issues."

Marius Gabriel Avram, a security engineer at U.K.-based security firm RandomStorm, looks for vulnerabilities in Web services operated by Google, Facebook, Twitter, Microsoft, eBay, PayPal and other companies that allow security researchers to do so, as long as they report their findings privately and don't cause any damage. It's like a challenge that helps security researchers improve their skills and, in some cases, earn some extra money, Avram said.

Avram found and reported over 10 security issues in PayPal's main and mobile websites during the past two weeks. Some of them were of high severity, he said, adding that PayPal's staff responded every time.

PayPal deserves congratulations for taking this step in the right direction.

Apple : 0 | Flashback trojan : 1 , Apple admits malware defeat



Apple has quietly removed a statement from its website that the Mac operating system isn’t susceptible to viruses. Apple released a patch for a Java vulnerability that led to the infection of roughly 600,000 Macs with the Flashback Trojan earlier this year; weeks later there were claims from security researchers that hundreds of thousands of Macs were still infected.
 
Apple is one of the few software companies that hasn't really faced the problem of viruses, for years claiming its operating system is the most secure of all.

The specific language about the operating system, “It doesn’t get PC viruses” was replaced with “It’s built to be safe.” But now, Apple may be taking security threats more seriously.

Apple is introducing a new app security measure called Gatekeeper in the upcoming release of Mountain Lion, the latest version of Mac OS X. The majority of malware might still be floating around in the Windows world, but it’s still important to remember that no OS is bulletproof once people start shooting at it. You can never be too careful.

zAnti Pentester’s Worldcup tournament open for Hackers



Today is a great day to be a security enthusiast, since Zimperium has kicked off the first ever penetration testing tournament — welcome to the Pentester’s Worldcup! Zimperium, a mobile security software start-up, was founded in 2011 by Itzhak “Zuk” Avraham, a world-renowned white-hat hacker. The Pentester’s World Cup is part of Zimperium’s efforts to increase awareness about mobile security and, at the same time, enhance the security of its range of award-winning products.
 
You may recall Anti, the first comprehensive penetration testing software offered on smartphones. Zimperium created a killer mobile app that is so simple to use that any technical person can pentest his network to find out which attached devices are vulnerable, which ports are open, and additional information that is a must-have for anyone who cares about the safety of his network. Last year at DEFCON, Avraham, also known as @ihackbanme, introduced the ethical-hacking tool "Android Network Toolkit," dubbed Anti for short. At that time it was in beta, but now the new app is being released as Zimperium's ANTI, or zAnti for short.

“We live in a dangerous mobile world today, and our goal is to significantly raise awareness about security and take steps toward securing our mobile future,” said Avraham. “The World Cup also presents an opportunity for the world’s best hackers to challenge our products and make them better. We know of several companies that changed their network configuration because of ANTI. This allows us, the users, to be safer. We're thrilled to know that ANTI raised security awareness!"

Avraham explained: “World Cup competitors will use our zAnti penetration testing software for smartphones and perform a variety of tasks such as scanning networks, finding vulnerabilities and security holes in the networks, or even cheating. The entrants will be scored on their performances and also rewarded for finding bugs.” ANTI was originally developed to provide a one-click tool for performing penetration testing tasks at a reasonable price. Most features of ANTI are free.

The winner will be awarded the “Black Card,” an entrance ticket worth $2,000 for the Black Hat event during July 25-26 and hotel accommodations in Las Vegas. The top 10 players will receive free Platinum, Gold or Silver accounts in zAnti.

The top 10 researchers will receive T-shirts and wristbands to enter Zimperium’s closed event at Black Hat in Las Vegas. Researchers who find a bug and report it to Zimperium will receive 500 points and a cool zAnti T-shirt. The reported glitch will affect the score of every participant who used it - a hacker's duel! The World Cup ends July 16.


Keep an eye on the Pentester's World Cup Leaderboard. May the best hacker win!

About Zimperium
Zimperium Ltd. is a privately owned mobile security software start-up located in Tel Aviv, Israel.
The company was founded in 2011 by Itzhak “Zuk” Avraham, a highly regarded security researcher.

Zimperium has set for itself a simple goal: Ensure world-class mobile security for enterprises, governments and mobile carriers.
Starting out with a team of nine Ninjas using their collective Zen, Zimperium has created multiple products that secure our mobile environment against targeted hacking attempts (APT) or widespread threats (Worms) with very neat 0day protection features.

Anonymous Hackers shut down website of Colombia Justice Ministry



Anonymous hackers shut down the website of Colombia's Justice Ministry on Friday evening. The website was back online Saturday morning.
 
The website of Cambio Radical, the political party of Interior Minister German Vargas Lleras, was also hacked later on Friday evening and was still showing a message saying "You have been hacked".

Anonymous said on its Facebook page that the Ministry's website was shut down to protest the "impunity" granted to corrupt politicians by a justice reform that had been approved by Congress but was sent back to the legislative branch by President Juan Manuel Santos on Thursday because of its unconstitutionality and inconsistencies that “do not favor justice and transparency.”

Last Year, Anonymous and Colombian Hackers were behind the shut down of the websites of Colombia's president, the interior and justice ministry, the intelligence service DAS and the governing U party.


A virus specialized for AutoCAD, a perfect cyber espionage tool


In recent years we have been witnessing a profound change in the nature of malware: development for spying purposes has increased, and it has spread in both the private and government sectors. The recent case of the Flame malware demonstrated the efficiency of a malicious agent as a gathering tool in the typical context of a state-sponsored attack for cyber espionage.

Events like this represent the tip of the iceberg; every day millions of malware instances infect PCs all over the world, causing serious damage related to the leak of sensitive information. Specific viruses are developed to target particular sectors and information; that is the case, for example, of “ACAD/Medre.A”, a malware specialized in the theft of AutoCAD files. According to the experts of the security firm ESET, the virus was developed to steal blueprints from private companies mostly based in Peru.
 

 
The virus is able to locate AutoCAD files on infected machines and send them via e-mail to accounts provided by two Chinese internet firms, 163.com and qq.com.

The malware is written in AutoLISP, an AutoCAD scripting language. To ship the stolen data, ACAD/Medre creates a password-protected RAR file containing the blueprints, the requisite “acad.fas” file and a “.dxf” file, and sends them separately by e-mail. The .DXF file generated by ACAD/Medre contains the information that the recipient uses to collect the stolen files.

The password used for the RAR file is a single character, “1”.
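As an added defensive example (not ESET's cleaner or any code from the article), the Python scan below walks a drawing tree, flags AutoCAD auto-load LISP files sitting beside drawing files, and checks them for the mail services named above. The assumption that AutoCAD auto-loads acad.fas from a drawing's own folder, the extra auto-load file names, the indicator strings and the constructed sample tree are mine.

```python
import os
import tempfile
from pathlib import Path

# AutoCAD loads certain LISP files automatically from the folder of the drawing
# being opened (assumption).  ACAD/Medre.A rides on that with "acad.fas", the file
# the article names; the other names are AutoCAD's standard per-directory
# auto-load files, included as a defensive generalisation.
AUTOLOAD_NAMES = {"acad.fas", "acad.lsp", "acaddoc.lsp"}
DRAWING_SUFFIXES = {".dwg", ".dxf"}
# Strings worth flagging inside a drawing-folder LISP file: the mail services the
# article says the stolen files were sent to, plus generic mailer/archiver hints.
INDICATORS = ("163.com", "qq.com", "smtp", "rar")


def scan_drawing_tree(root):
    """Return a list of findings for auto-load LISP files found under `root`."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        has_drawing = any(Path(f).suffix.lower() in DRAWING_SUFFIXES for f in files)
        for name in files:
            if name.lower() not in AUTOLOAD_NAMES:
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read().lower()        # .fas is compiled, but strings survive
            hits = [ind for ind in INDICATORS if ind.encode() in data]
            findings.append({
                "path": path,
                "beside_drawings": has_drawing,
                "indicators": hits,
                # an auto-load file next to drawings that talks to a mail service
                # is the Medre pattern; anything else still deserves a look
                "severity": "high" if (has_drawing and hits) else "review",
            })
    return findings


def build_sample_tree(base):
    """Constructed sample data: a clean project, an 'infected' one, and a script folder."""
    clean = Path(base, "bridge")
    clean.mkdir()
    (clean / "span.dwg").write_bytes(b"constructed-dwg")
    bad = Path(base, "plant")
    bad.mkdir()
    (bad / "reactor.dwg").write_bytes(b"constructed-dwg")
    (bad / "acad.fas").write_bytes(
        b"(constructed fas body) smtp.163.com user@qq.com rar -p1")
    misc = Path(base, "scripts")                # LISP with no drawings beside it
    misc.mkdir()
    (misc / "acad.lsp").write_text('(defun c:hello () (princ "hi"))')


def demo():
    """Build the constructed tree in a temp dir, scan it, return findings sorted by path."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        results = scan_drawing_tree(tmp)
    return sorted(results, key=lambda r: r["path"])


if __name__ == "__main__":
    for r in demo():
        print(r["severity"], r["path"], r["indicators"])
```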
 

Once the researchers had discovered the email accounts used to transfer the stolen data, they noticed that the inbox of each one was full: all were saturated with over 100,000 mails, giving an idea of the scale of the attack.

The virus was detected several months ago, but only in the last few weeks has an explosion in the number of infected systems been observed.
 
ESET researcher Righard Zwienenberg declared: “It represents a serious case of industrial espionage. Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production.”

“They may even have the guts to apply for patents on the product before the inventor has registered it at the patent office.”

The malware does not limit itself to stealing AutoCAD projects: it also checks for the presence of the Outlook email client in order to steal the .pst file containing contacts, calendar and emails, confirming its genesis as an espionage tool.

For completeness, ESET has provided a free stand-alone cleaner for the ACAD/Medre.A worm. Every time we speak of cyber espionage we cannot help thinking of China; however, the practice is really widespread, and the fact that the accounts are Chinese is a clue but not a certainty.

It’s clear that Chinese hackers are considered worldwide specialists in cyber espionage; the Nortel case is considered a case study of the impact of cyber espionage on the business of private companies.

The Chinese government, and not only it, has for at least a decade sponsored espionage activities for stealing trade secrets, confidential information and intellectual property of various kinds. Many experts are convinced that, thanks to this ability to spy, they were able, through the theft and reverse engineering of products, to close the technological gap with Western industry.

This time the Chinese authorities demonstrated a collaborative approach, identifying and blocking the accounts used for the theft. With tens of thousands of AutoCAD blueprints leaked, the ESET team promptly contacted the Chinese parties involved, namely Tencent, owner of the qq.com domain, and the Chinese National Computer Virus Emergency Response Center; their collaboration was essential to gaining access to the accounts and blocking them.

Another lesson learnt is that an efficient fight against cybercrime must be conducted with the full collaboration of all the actors involved. Only in this way is it possible to carry out an efficient immunization.
Written By: Pierluigi Paganini

Department of Homeland Security and U.S Navy hacked



Department of Homeland Security and U.S. Navy websites are once again at major risk. This time a hacking group called "Digital-corruption" hacked into subdomains of both sites and leaked database information on Pastebin.

In its announcement on the pastebin.com website, the group said it had leaked databases from https://www.smartwebmove.navsup.navy.mil/ and twicinformation.tsa.dhs.gov using a blind SQL injection method.
The databases include the usernames, passwords, email IDs and security questions and answers of all users.
Hackers shout:
say("#FreeTriCk #FreeMLT #FreePhantom");
say("Knowledge is power!");
say("NAVY.MIL, care to share some of your staff information?");

Department of Homeland Security and U.S. Navy websites have been hacked many times in the past year by different hackers from all over the world.

Russian Botnet Hacker arrested for hacking into six million computers



Police have detained a 22-year-old hacker who built a network of compromised computers that was used to steal more than 150 million rubles ($4.47 million) from people's bank accounts; he was already one of the most wanted hackers in the world. "Hermes", who had tapped over six million computers and reportedly earned around 5 million francs, was caught in Russia.
 
The network infected around six million computers with a Trojan virus, which gave access to users' bank accounts. Through the secretly installed Trojans he arranged illegal money transfers, the interior ministry in Moscow said on Friday.

Police from Division K, the cybercrime branch of the Interior Ministry, searched the hacker's place of residence, confiscating computers and arresting the suspect. The statement did not specify when the arrest was made. The botnet built by the hacker included around 6 million computers from regions including Krasnodar, Samara and Ivanovo, as well as from the cities of Moscow and St. Petersburg, where the majority of the infected computers were located.

The hacker faces a lengthy jail term if convicted on fraud charges.

20-year-old Anonymous Hacker arrested by Bulgarian Police


Bulgarian police authorities have arrested an alleged member of the loosely associated Anonymous hacktivist group. The 20-year-old suspect has allegedly attacked the website of Prophon, a Bulgarian music licensing company.

The motive: Mitko was against paying for music and movies and wanted to download freely from the network. In the attack, carried out on February 5, 2012, he managed to get into the site administrator's account. After Mitko's intervention, visitors to www.prophon.org were greeted with a message saying that "Anonymous" had seized the site.

"Hello PROPHON, We are Anonymous. We learned that you are greedy and, with another 12 organizations, have signed an open letter in support of the so-called ACTA Agreement. This is unacceptable and it angered us. You are the first, not the last. This should be a lesson to all who support ACTA. We are Anonymous. We are legion. We do not forgive. We will not forget. Expect us," read the hackers' message.
 
Police have seized four PCs, eleven servers, three laptops, a large number of hard disks, flash memory cards, CDs and DVDs, according to the Bulgarian Interior Ministry. The suspected hacker is said to have admitted his guilt.

Mitko has completed secondary education in the field of high technologies; he dreams of running his own hosting company and continuing his education. The Ministry of Interior hopes Mitko will harness his skills for good and constructive things. For this offense the law provides for up to 1 year in prison, but because the young man has a criminal record and has admitted his guilt, Themis will probably hand down "probation" for his offense.

Windows 8 will be challenge for Malware writers


Microsoft's security researchers believe that the upcoming operating system, Windows 8, is a step forward in security and will be far better at protecting against malware than its predecessors.

Chris Valasek, a senior security research scientist at development testing firm Coverity, began examining the security features of Windows 8 last autumn, before the consumer previews of the upcoming revamp of the new Microsoft OS came out.

"There are always going to be vulnerabilities but you can make it difficult to leverage vulnerabilities to write exploits." One major change between Windows 7 and 8, however, is the addition of more exploit-mitigation technologies. The Windows memory managers (specifically the Windows Heap Manager and the Windows Kernel Pool Allocator) are designed to make it far harder for attackers to exploit buffer-overflow vulnerabilities and the like to push malware onto vulnerable systems.
 
The "security sandbox" for applications for Windows 8 will also be a great step forward. "These new Windows 8 Apps will be contained by a much more restrictive security sandbox, which is a mechanism to prevent programs from performing certain actions," Valasek explains. 

"This new App Container provides the operating system with a way to make more fine-grained decisions on what actions certain applications can perform, instead of relying on the more broad ‘Integrity Levels’ that debuted in Windows Vista/7."

Windows 8 also comes with a new version of Internet Explorer, Microsoft's browser software. Internet Explorer 10 will come with a mode that disables support for third-party plug-ins such as Flash and Java.

Hackers Exploit Unpatched Windows XML vulnerability



An unpatched vulnerability in Microsoft XML Core Services (MSXML) is being exploited in attacks launched from compromised websites to infect computers with malware. This zero-day exploit, which potentially affects all supported versions of Microsoft Windows and which has been tied to a warning by Google about state-sponsored attacks, has been identified carrying out attacks in Europe.
 
Microsoft security bulletin MS12-037 was this month’s cumulative update for Internet Explorer. It is rated as Critical, and addresses 14 separate vulnerabilities that affect every supported version of Internet Explorer in some way. One vulnerability in particular is more urgent than the rest, though. There are multiple attacks circulating online that target CVE-2012-1875. The name of the vulnerability is “Same ID Property Remote Code Execution Vulnerability”, which doesn’t really explain much.

Until a patch is released, the Microsoft workaround is the only way to stymie hackers. Many security vendors have updated their products to detect malicious code that tries to exploit the vulnerability. Exploit code that works on all versions of Internet Explorer on Windows XP, Vista and 7 has been added to the Metasploit penetration testing framework.

Microsoft has provided a temporary fix for the vulnerability that all Windows users should apply whether or not they use IE as their browser of choice. Most antivirus products have added signatures to detect and block exploits.

In addition, you can also run the Fix-It tool from Microsoft. The automated tool implements measures to block the attack vector used to exploit this vulnerability.

Scamming site taken down by Hackers



When hundreds of kids were duped into taking courses to improve their grades with the promise of an iPod if they succeeded, many pressured their parents to help find the company, called Advantage Point Academy (http://www.advantagepoint.org/), a place to administer the lessons. Advantage Point got parents in many schools throughout California, Oregon, and Washington to rent rooms and give their kids lessons that supposedly made them smarter, with the prize of an iPod when they finished.
 
Advantage Point got its money for enrolling the kids, but the kids got lessons and no iPods. Kids and parents have been calling, writing, reporting to the states and posting complaints on the company's Facebook page, to no avail.

In stepped xL3gi0n, who felt that if nothing else, a little web removal would bring solace to a disappointed and scammed group of parents and kids. On June 21st, in the wee hours of the morning, the site was taken down and all files removed. They scanned the website and got in through a manual, advanced blind SQL injection (SQLi).

xL3gi0n feels strongly that the little person should get equal attention in a larger world fraught with corruption and strife.
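The defect class behind the SQL injection mentioned above, shown as an added Python example that is not Advantage Point's code or schema: a lookup that splices user input into the query text beside the parameterised form. Blind variants infer data from differences in the response rather than from returned rows, but the defect and the fix are the same. The table and rows are constructed samples.

```python
import sqlite3

# Constructed sample rows standing in for a site's users table
# (illustration only; not the real site's data or schema).
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
    ("carol", "carol@example.invalid"),
]


def make_db():
    """Create an in-memory SQLite database seeded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username):
    """Defective: the user-supplied value is spliced straight into the SQL text.

    A crafted value changes the structure of the statement, which is exactly
    what SQL injection (blind or otherwise) relies on.
    """
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Hardened: the value travels as a bound parameter, never as SQL text."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run the same crafted value through both lookups.

    Returns (rows from vulnerable lookup, rows from safe lookup).
    """
    conn = make_db()
    crafted = "nobody' OR '1'='1"
    # The vulnerable lookup returns every row; the safe one returns none,
    # because the whole string is compared literally against usernames.
    return len(lookup_vulnerable(conn, crafted)), len(lookup_safe(conn, crafted))


if __name__ == "__main__":
    print(demo())
```

The only change between the two functions is where the value goes: as a bound parameter the database driver never interprets it as SQL, so the same input that dumps the whole table from the first function matches nothing in the second.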

Friday, June 22, 2012

Trojan.Milicenso - Printer Trojan cause massive printing


A Trojan that sends printers crazy, making them print pages of garbled nonsense until all the paper has been used up, has seen a spike in activity. Symantec detected Trojan.Milicenso across various countries, but the worst hit regions were the US and India, followed by regions in South America and Europe, including the UK.

According to a blog post published Thursday by researchers from antivirus provider Symantec, the malware, dubbed “Trojan.Milicenso”, has been described by security researchers as a malware delivery vehicle ”for hire”, owing to its repeated use since it was first discovered in 2010.

The Milicenso Trojan is actually a backdoor that is used to deliver other malware on the affected machines. The infection vectors are links and malicious attachments in unsolicited emails, as well as websites hosting malicious scripts that trigger the download of the Trojan.
 
"The Trojan creates and executes a dropper executable, which in turn creates a DLL file in the %System% folder," said Symantec. “Depending on the configuration, any files, including binary files, created in that folder will trigger print jobs.”

It’s like dragging a system file into a plain-text editor: most of the time you’ll see garbage. Symantec said there were a number of ways the malware can find its way onto PCs, including opening a malware-laden email attachment, through a compromised website, or posing as fake video codecs. Once the malware is opened, it redirects the user to pages to serve up adverts, a common way for malware writers to generate quick revenue.
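A simple defensive check that follows from the description above, added here as an example and not Symantec's or any vendor's tool: given the contents of files that have appeared in a print spool folder, flag those that are executables or binary data rather than printable text, since those are the jobs that print as garbage. The file names and bytes are constructed samples, not real Milicenso artefacts, and the 30% non-printable threshold is an assumed heuristic.

```python
import string

# Bytes that would print as readable text; anything else prints as garbage.
_TEXT_BYTES = set(bytes(string.printable, "ascii"))


def looks_like_binary(data: bytes, threshold: float = 0.30) -> bool:
    """Heuristic classification of a file's content.

    - A Windows executable starts with the 'MZ' marker.
    - Text files never contain NUL bytes.
    - Otherwise, a high share of non-printable bytes marks binary data.
    The threshold is an assumed tuning value, not a published constant.
    """
    if not data:
        return False
    if data[:2] == b"MZ":
        return True
    if b"\x00" in data:
        return True
    nonprintable = sum(1 for b in data if b not in _TEXT_BYTES)
    return nonprintable / len(data) > threshold


# Constructed sample "spool folder" contents (names and bytes are made up).
SAMPLE_FILES = {
    "report.txt": b"Quarterly figures\nRevenue: 1200\nCosts: 900\n",
    "dropper.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff",
    "noise.dat": bytes(range(128, 200)),
}


def suspicious_print_jobs(files):
    """Return the sorted names of files that would print as garbage."""
    return sorted(name for name, data in files.items() if looks_like_binary(data))


if __name__ == "__main__":
    print(suspicious_print_jobs(SAMPLE_FILES))
```

In practice the same classifier would be run by a script watching the spooler directory and pausing the queue or alerting when a flagged file appears; the heuristic is deliberately conservative so that ordinary text jobs are never held.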

Fujitsu cracks 278-digit crypto in 148 Days using 21 PCs



A team of researchers in Japan has successfully broken a 278-digit piece of crypto in less than 200 days. Fujitsu Laboratories Limited, the National Institute of Information and Communications Technology (NICT) and Kyushu University jointly broke a world cryptography record with the successful cryptanalysis of 278-digit (923-bit) pairing-based cryptography, which is now becoming the next-generation cryptography standard.
 
"We were able to overcome this problem by making good use of various new technologies, that is, a technique optimising parameter setting that uses computer algebra, a two-dimensional search algorithm extended from the linear search, and by using our efficient programming techniques to calculate a solution of an equation from a huge number of data, as well as the parallel programming technology that maximises computer power."

This doesn't mean that pairing-based cryptography, which is rapidly becoming a go-to standard in crypto, is now useless. (It's to be used in everything from securing government networks to locking down financial systems.) Rather, the research is intended to establish just how long keys need to be in order to be reasonably secure against attacks by efficient algorithms and powerful computers.

Their work smashes the previous record of a 204-digit (676-bit) system which Japan's Hakodate Future University and NICT managed in 2009. Fujitsu claimed that today’s record required several hundred times the computational power of the 2009 effort – in effect this amounted to 21 PCs, or 252 cores.

Fujitsu also said it used a parallel programming technology that maximises computer power to complete the task. The Japanese firm was keen to note that the result of the deciphering is more than just a new world record.

Indian ISPs get court relief, Torrent Sites Unblocked




After weeks of confusion and frustration with blocked websites, the mess finally looks to be clearing. Indians are all heaving a sigh of relief because their ISPs have unblocked the access to the file-sharing, video-streaming BitTorrent sites that include The Pirate Bay, Torrentz.eu, Vimeo among others.
 
It was in the news last month that, following Reliance, Airtel had also blocked torrent services and video sites after receiving the ‘John Doe’ court order. Thousands of users from various states of India found their access to torrents blocked.

India's Medianama is reporting today that the Madras High Court recently limited a badly drafted April ruling on the subject. The court said in its updated ruling, according to Medianama, which obtained a copy of it, that "the interim injunction is granted only in respect of a particular URL where the infringing movie is kept and not in respect of the entire website. Further, the applicant is directed to inform about the particulars of URL where the interim movie is kept within 48 hours."

MediaNama reports that the Madras High Court, on an appeal filed by a conglomerate of Internet Service Providers (ISPs), has passed an order saying that entire websites cannot be blocked on the basis of "John Doe" orders.

Starting with the movie Singham, for which Reliance Entertainment had taken a John Doe order last year, movie studios have been consistently getting John Doe orders blocking access to file sharing, video sharing and torrenting websites.

Intel CPU Vulnerability can provide control of your system to attacker



The U.S. Computer Emergency Readiness Team (US-CERT) has disclosed a flaw in Intel chips that could allow hackers to gain control of Windows and other operating systems.
 
The flaw has already been exploited on 64-bit versions of Microsoft Windows 7, FreeBSD, NetBSD and there’s a chance Apple’s OS X may also be vulnerable.

The vulnerability was disclosed in a security advisory released this week. Attackers could execute malicious code with kernel privileges or launch a local privilege escalation attack.

VMware's virtualization software is not affected, and neither are AMD's processors, as they do not use the SYSRET instruction whose incorrect handling causes the flaw, or handle it differently. Many of the affected vendors have already pushed out an update that defuses the flaw.

However, it said that while 32-bit operating systems are safe, "Intel CPUs that use the Intel 64 extension need the security patches released by Microsoft in their MS12-042 security bulletin."

US and Israel developed Flame Malware against Iran



Unnamed Western officials confirmed that Flame was developed by US and Israeli governments. The United States and Israel jointly developed the Flame computer virus that collected intelligence to help slow Iran's nuclear program.

The massive piece of malware secretly mapped and monitored Iran’s computer networks, sending back a steady stream of intelligence to prepare for a cyber­warfare campaign, according to the officials.
 
The effort, involving the National Security Agency, the CIA and Israel’s military, has included the use of destructive software such as the Stuxnet virus to cause malfunctions in Iran’s nuclear-enrichment equipment.

The cyber campaign against Iran's nuclear program has included the use of another computer virus called Stuxnet that caused malfunctions in Iran's nuclear enrichment equipment.

“This is about preparing the battlefield for another type of covert action,” said one former high-ranking U.S. intelligence official, who added that Flame and Stuxnet were elements of a broader assault that continues today. “Cyber-collection against the Iranian program is way further down the road than this.”

Flame was discovered back in May, following an investigation into a series of mysterious data loss incidents at Iran's Oil Ministry. Those attacks were carried out in April by the Israeli part of the operation without knowledge from the U.S. side.

Security researchers from Kaspersky Lab believe that Flame was created in the first half of 2008. Stuxnet was discovered in June 2010, but the first variant of the malware is believed to date from June 2009.

Spokesmen for the CIA, the NSA and the Office of the Director of National Intelligence, as well as the Israeli Embassy in Washington, declined to comment.

Linkedin sued by Member for Hacking Incident



Illinois resident Katie Szpyrka filed a $5 million class action lawsuit against LinkedIn in the US District Court in the Northern District of California on June 15, claiming the business-oriented social networking site violated its own user agreement and privacy policy.

The move comes in relation to a security breach around June 6 when LinkedIn admitted that encrypted passwords belonging to some 6.5 million of its 160 million users had been stolen and posted on the web.
 
The incident resulted in hackers posting users’ information online but it is not yet clear how much data they obtained. Szpyrka, who pays a monthly fee of $26.95 for a premium LinkedIn account, says the networking site used an alarmingly weak encryption format whereby it failed to ‘salt’ the passwords before storing them.

The suit alleges that LinkedIn failed to adequately protect members because it stored passwords in an unsalted SHA hashed format, which Szpyrka contends is an outdated hashing function first published in 1995 by the National Security Agency. Storing passwords in hashed format without first salting them runs afoul of conventional data protection methods and poses significant risks to the integrity of users' sensitive data, the suit says.

LinkedIn posted the following statement: "We have recently learned that a class action lawsuit has been filed against the company related to the theft of hashed LinkedIn member passwords that were published on an unauthorized website. No member account has been breached as a result of the incident, and we have no reason to believe that any LinkedIn member has been injured. Therefore, it appears that these threats are driven by lawyers looking to take advantage of the situation. We believe these claims are without merit, and we will defend the company vigorously against suits trying to leverage third-party criminal behavior."
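To make the salting point concrete, here is an added Python example (not LinkedIn's code). An unsalted SHA-1 hash, the scheme the suit describes, is identical for every user who picks the same password, so a single cracked hash or precomputed lookup table exposes all of them. A per-user random salt combined with an iterated derivation gives every user a distinct digest and a constant-time verify; PBKDF2-HMAC-SHA256 is used here as an assumed, readily available choice, and the sample password is constructed.

```python
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 200_000  # assumed work factor; tune to your hardware


def unsalted_sha1(password: str) -> str:
    """What the suit describes: a bare SHA-1 hash of the password, no salt."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest()


def salted_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS):
    """Per-user random salt plus a slow, iterated derivation.

    Returns (salt, digest); both are stored alongside the user record.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest


def verify(password: str, salt: bytes, digest: bytes,
           iterations: int = ITERATIONS) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)


def demo():
    """Two users who happen to choose the same password (constructed sample).

    Returns (unsalted digests equal, salted digests equal,
             correct password verifies, wrong password verifies).
    """
    pw = "constructed-sample-password"
    same_unsalted = unsalted_sha1(pw) == unsalted_sha1(pw)  # True: one crack breaks both
    s1, d1 = salted_hash(pw)
    s2, d2 = salted_hash(pw)
    same_salted = d1 == d2                                  # False: salts differ
    return same_unsalted, same_salted, verify(pw, s1, d1), verify("wrong", s1, d1)


if __name__ == "__main__":
    print(demo())
```

The salt does not need to be secret, only unique per user; what it buys is that an attacker holding a dump cannot attack all accounts at once with one table, and the iteration count makes each guess cost real time.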

Hacker charged for hacking into U.S. Energy Department



Andrew James Miller, a 23-year-old resident of Devon, Pennsylvania, was arrested on Thursday and charged with one count of conspiracy, two counts of computer fraud, and one count of access device fraud, according to a statement issued by the Justice Department's Criminal Division.
 
According to the indictment, between 2008 and 2011, Miller and others allegedly remotely hacked into computer networks belonging to RNK Telecommunications Inc., a Massachusetts company; Crispin Porter and Bogusky Inc., a Colorado advertising agency; the University of Massachusetts; the U.S. Department of Energy; and other institutions and companies.

The indictment alleges that when Miller hacked into the computers, he obtained other users’ access credentials to the compromised computers. He and his co-conspirators then allegedly sold access to these computer networks as well as other access credentials.

After gaining unauthorized access to these systems, Miller is alleged to have installed Trojan horse programs that gave him access to the networks, which he and his co-conspirators sold online. Miller and his co-conspirators were discovered after they attempted to sell access to the victim networks to an undercover FBI agent.

The indictment details an IRC conversation between Miller and an undercover agent in which Miller exchanges access to RNK’s servers and a list of hundreds of user names and passwords for two payments of $500.00. Payment was to be made to Andrew Miller of Lancaster, PA, via Western Union.

Miller later requested two payments of $600 via Western Union in exchange for a U-Mass database dump and $1,000.00 for access to CPB Group. At one point, Miller attempted to sell the FBI access to a supercomputer belonging to the DoE’s National Energy Research Scientific Computing Center for $50,000.

Miller faces up to five years in prison for the conspiracy count and one of the computer fraud counts, and up to 10 years in prison on one of the computer fraud counts and the access device fraud count, to be followed by three years of supervised release, a $250,000 fine and restitution, if convicted.

Saturday, June 16, 2012

LulzSec hacker - Brit Ryan Cleary charged for Sony and Fox hacks


A 20-year-old Briton suspected of links to the hacking group Lulz Security is accused of cracking into websites for a Fox reality TV show, a venerable news show and other sites to deface them or steal personal information, federal prosecutors said Wednesday.

Ryan Cleary, 20, reportedly had ties to the well-known branch of Anonymous called LulzSec before he was arrested in London last June (although the hacktivist group denies his involvement with it). U.S. federal prosecutors said today that he worked to take down, deface, and steal personal information from Web sites.

In a separate and similar case filed against Cleary in the United Kingdom in 2011, he faces allegations that he and others hacked a law enforcement agency, the Serious Organized Crime Agency, and various British music sites - all while he was still a teenager.

Commenting on Tuesday’s indictment, FBI spokesperson Laura Eimiller said, “Cleary is a skilled hacker. He controlled his own botnet, employed sophisticated methods and his broad geographic scope affected a large number of businesses and individuals.” Those businesses included Sony Pictures Entertainment, Fox Entertainment and the Public Broadcasting Service.
 
The attacks, carried out between April and June last year, made international headlines as global companies began to wonder if they would be next to suffer at the hands of LulzSec, an off-shoot of the larger Anonymous hacking group.

Cleary is charged with one count of conspiracy and two counts of unauthorized impairment of a protected computer. He faces a maximum sentence of 25 years in prison if convicted.

In September 2011, the FBI arrested LulzSec member Cody Kretsinger, a 24-year-old Phoenix citizen. He pleaded guilty to participating in an attack on Sony Pictures’ website, stealing personal information from registered users of the site and, according to Sony, causing over $500,000 of damage in the process.

United States Department of Defense data leaked by Anonymous hackers



 
A group called "Wikiboat", affiliated with the Anonymous hackers, has attacked the Defense.gov website and leaked data from it. They published the leaked data in a Pastebin note. Also, today Wikiboat targeted the GEMA.de website and took it offline.

The leaked data includes some officials' names, email IDs and phone numbers.

The hackers claim that they did not collect this data through any SQLi vulnerability, but gathered it from other sources. Three weeks earlier they were threatening to take down the websites of companies like Apple, Bank of America and Toyota and leak sensitive data.
 
As part of "Operation New Son" they announced attacks on a number of international companies.

Tuesday, June 12, 2012

OpenVPN Defaced by Hackers



OpenVPN, a robust and highly flexible tunneling application with encryption, authentication and certification features, got hacked yesterday by a hacker called "HcJ", who defaced the page. Words from the page:
OPENVPN Hacked
No News Is a Good News
HcJ & Cyb3R-1sT & Egyptian.H4x0rZ & Sas-TerrOrisT & H311 c0d3 &ISM H4CK
Quote of the Day
Don’t be lammer, Leave your computer and enjoy your summer ./ HcJ

While this post was being written, OpenVPN's administrators restored the site to its original state. If you would like to see the defaced page, you can visit Zone-H for a mirror.

VPN hacks may leak information: such hacks can also be carried out by investigative agencies to collect evidence against various hackers. Always use double VPN or Tor with VPN for better security.

10000 Twitter User oauth token hacked and Exposed by Anonymous



Anonymous hackers using the Twitter account "LulzsecReborn" hacked into TweetGif (http://tweetgif.com) and dumped its complete database, which they later published on the Internet. TweetGif is a website that allows you to use an animated GIF image as your Twitter picture.
 
LulzSec Reborn, a 3.0 version of the earlier LulzSec, has leaked 10,000 Twitter profiles’ passwords, usernames, real names, locations, bios, avatars and the secret tokens used to authenticate their accounts.
The leaked data was uploaded to EmbedUpload and consists of a 4 MB SQL file with all the users' details. The Pastebin message read:
Users table from http://tweetgif.com/ nothing serious like 10.000 twitters…
http://www.embedupload.com/?d=9ZMOMGIIQA


How can hackers and spammers use this?
OAuth is an authentication protocol that allows users to approve an application to act on their behalf without sharing their password. If your Twitter OAuth secret key and token are compromised, an application or a hacker can use your Twitter account with your access rights. You can get a sample script here. The leaked tokens can be used to send spam from over 10,000 compromised Twitter accounts.

Hackers who compromise the keys of a popular application like TweetGif can also use those keys to evade Twitter's abuse controls. By using the consumer key and consumer secret of a popular third-party Twitter application, a spammer makes it harder for Twitter to lock out all of his spam accounts at once without also locking out a large number of legitimate users of the compromised application.

How you can protect your Twitter account: if you are also a TweetGif user, go to Settings > Apps, find TweetGif and click "Revoke Access" to deauthorize the app.
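The following is an added example, not TweetGif's or Twitter's code, covering both the "how can this be used" question and the "Revoke Access" advice above: a minimal OAuth 1.0a HMAC-SHA1 request signer (the signature scheme of RFC 5849) and a toy resource server that checks the signature. It shows why a leaked access token and token secret are enough to act as the user without any password, and why revoking the app's access is the right fix: once the server forgets the token, a request signed with it stops validating. All keys, tokens, the user name and the API URL are constructed placeholders; a real server would additionally track nonces and timestamps, which is omitted here.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote


def _enc(s: str) -> str:
    """RFC 3986 percent-encoding as OAuth 1.0a requires (only unreserved chars bare)."""
    return quote(s, safe="")


def signature_base_string(method: str, url: str, params: dict) -> str:
    """METHOD & encoded URL & encoded, sorted 'k=v' parameter string."""
    normalized = "&".join(f"{_enc(k)}={_enc(v)}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), _enc(url), _enc(normalized)])


def sign(method, url, params, consumer_secret, token_secret) -> str:
    """HMAC-SHA1 over the base string, keyed by consumer secret & token secret.

    Note that no password is involved: holding the token secret is enough.
    """
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def build_request(method, url, body, consumer_key, consumer_secret, token, token_secret):
    """Client side: assemble the oauth_* parameters and attach the signature."""
    params = dict(body)
    params.update({
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": secrets.token_hex(8),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    })
    params["oauth_signature"] = sign(method, url, params, consumer_secret, token_secret)
    return params


class ResourceServer:
    """Toy server: knows consumer secrets and live access tokens; revocation drops a token."""

    def __init__(self, consumers, tokens):
        self.consumers = dict(consumers)   # consumer_key -> consumer_secret
        self.tokens = dict(tokens)         # access token -> (token_secret, owner)

    def revoke(self, token):
        """What the user's "Revoke Access" click does on the provider side."""
        self.tokens.pop(token, None)

    def authorize(self, method, url, params):
        """Return the owner the request acts for, or None if it does not validate."""
        params = dict(params)
        sig = params.pop("oauth_signature", None)
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        entry = self.tokens.get(params.get("oauth_token"))
        if sig is None or consumer_secret is None or entry is None:
            return None
        token_secret, owner = entry
        expected = sign(method, url, params, consumer_secret, token_secret)
        return owner if hmac.compare_digest(expected, sig) else None


def demo():
    """Returns (owner before revocation, result of a tampered request, owner after revocation)."""
    consumer_key, consumer_secret = "app-key-CONSTRUCTED", "app-secret-CONSTRUCTED"
    token, token_secret = "user-token-CONSTRUCTED", "user-token-secret-CONSTRUCTED"
    server = ResourceServer({consumer_key: consumer_secret}, {token: (token_secret, "alice")})
    url = "https://api.example.invalid/1/statuses/update"   # placeholder endpoint
    req = build_request("POST", url, {"status": "hello"},
                        consumer_key, consumer_secret, token, token_secret)
    before = server.authorize("POST", url, req)              # "alice": token alone suffices
    forged = server.authorize("POST", url, dict(req, status="spam"))  # signature no longer matches
    server.revoke(token)
    after = server.authorize("POST", url, req)               # None: token is gone
    return before, forged, after


if __name__ == "__main__":
    print(demo())
```

Two things follow from running it. A dump of a third-party app's users table that includes token secrets is as good as a session for every one of those users until the tokens are revoked, which is why the provider-side revocation, not a password change, is what closes the hole. And because the consumer secret is part of the signing key, an application that stores its own consumer secret next to user tokens hands an attacker both halves at once.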