Tuesday, December 14, 2010
McDonald's is working with law enforcement authorities after malicious hackers broke into another company's databases and stole information about an undetermined number of the fast food chain's customers.
McDonald's has also alerted potentially affected customers via e-mail and through a message on its Web site. "We have been informed by one of our long-time business partners, Arc Worldwide, that limited customer information collected in connection with certain McDonalds websites and promotions was obtained by an unauthorized third party," a McDonald's spokeswoman said via e-mail on Saturday. McDonald's hired Arc to develop and coordinate the distribution of promotional e-mail messages, and Arc in turn relied on an unidentified e-mail company to manage the customer information database. This e-mail company's systems were hacked into.
(Source: Computer World)
Friday, September 10, 2010
A booby-trapped e-mail that promises free sex movies is racking up victims around the world, warn security firms. Some variants of the Windows worm contain a link to PDF that a recipient has been told to expect. Those clicking on the link get neither movies nor documents but give the malware access to their entire Outlook address book. When installed, the worm sends copies of itself to every e-mail address it can find.
The malicious e-mail messages have a subject line saying "Here you have" and contain a weblink that looks like it connects to a PDF document. Instead it actually links to a website hosting the malware.
Tuesday, July 06, 2010
A new targeted malware attack is threatening UK bank customers. Security firm Trusteer said that it has spotted a malware attack that compromises user credentials by creating a fake bank log-in page and then uses those credentials to perform an "authorised" monetary transfer. The attack is being spread through multiple infection methods, including web-based exploits and spam email attachments. Rather than aim to infect numerous systems around the world, however, the company said that the attack is specifically targeting the UK and focusing on very few banks at a time, anywhere from three to seven in a single run.
The UK is not the first country to be targeted for such attacks. Trusteer has spotted similar operations in South Africa and Germany.
Thursday, June 17, 2010
Experts from nearly 40 countries gathered in the Estonian capital Tallinn to discuss the latest issues in the fight against virtual attackers. Estonian President Toomas Hendrik Ilves opened the conference with a stark warning about the seriousness of cybercrime. "Our critical infrastructure, electricity grids, transportation networks and mobile phone networks are so enmeshed and tied to the internet that any open society is open to complete and utter failure," he said. "There are no smoking guns, no foot or fingerprints in virtual reality," Estonia's Minister of Defence Jaak Aviksoo added.
Skilled hackers at the conference said malware designed to be used in attacks could be purchased for a few hundred dollars online, or even downloaded for free.
Wednesday, June 16, 2010
Police have arrested 178 people in Europe and the United States suspected of cloning credit cards in an international scam worth over 20 million euros ($24.52 million), Spanish police said on Tuesday. Police in fourteen countries participated a two-year investigation, initiated in Spain where police have discovered 120,000 stolen credit card numbers and 5,000 cloned cards, arrested 76 people and dismantled six cloning labs. The raids were made primarily in Romania, France, Italy, Germany, Ireland and the United States, with arrests also made in Australia, Sweden, Greece, Finland and Hungary.
Thursday, June 10, 2010
Federal chief information officers and chief information security officers will convene Monday, June 14, at an annual information technology conference where they are sure to discuss the Office of Management and Budget's mandate to look toward cloud computing to cut IT costs, increase efficiencies and enable greater government-wide collaboration and data exchange. In examining the potential benefits and vulnerabilities of moving their services to the cloud, government CIOs and CISOs should ask and demand answers to some difficult questions.
Does your provider ensure the confidentiality, integrity and availability with mature processes, proof of past performance, understanding of and mechanisms for disaster recovery options, and encrypted backups?
(Source: GovInfo Security)
Wednesday, June 02, 2010
The number of internet threats coming from the UK has increased in May, according to research by managed security firm, Network Box. The UK is now responsible for nearly six (5.9) per cent of the worlds internet viruses, up from three per cent in April. The only countries that produce more viruses than the UK are Korea (16.26 per cent) and the US (11.68 per cent). The US and India continue to dominate the production of the worlds spam, with the US producing 10.7 per cent, and India 7.1 per cent (similar figures from last month).
Russia has seen a decline in viruses produced from within its borders possibly an early result of Russian hosting service, PROXIEZ-NET notoriously used by criminal gangs being taken down earlier this month.
(Source: Network Box)
Monday, May 31, 2010
According to the latest data by Trend Micro, a leading Internet security company, more than 2 million computers were hacked and 476 million spam e-mails were sent in Turkey between June 2009 and May 2010. With Internet an increasingly integral part of daily life, criminals are finding new playgrounds in cyberspace.
In 2004 there were 680 million Internet users and 3 million malwares globally. Six years later, the number of Internet users increased to around 1.7 billion, but malwares jumped 10-fold to 30 million. The nature of the Internet also makes it harder to track down a criminal of cyber crime, as it crosses borders and is hard to understand. It is not like a bank robbery. There is no eyewitness or video footage,
(Source: Hurriyet Daily News)
Hurriyet Daily News
Friday, May 21, 2010
Carders.cc, a German online forum dedicated to helping criminals trade and sell financial data stolen through hacking, has itself been hacked. The once-guarded contents of its servers are now being traded on public file-sharing networks, leading to the exposure of potentially identifying information on the forums users as well as countless passwords and credit card accounts swiped from unsuspecting victims.
The breach involves at least three separate files being traded on Rapidshare.com: The largest is a database file containing what appear to be all of the communications among nearly 5,000 Carders.cc forum members, including the contents of private, one-to-one messages that subscribers to these forums typically use to negotiate the sale of stolen goods. Another file includes the user names, e-mail addresses and in many cases the passwords of Carder.cc forum
(Source: Krebs on Security)
Krebs on Security
The UAE can lead international efforts to promote global cyber security and cyber peace and to avoid the use of cyberspace for conflict, said a former senior White House adviser on Tuesday. "The UAE can play a leading role in creating an international system for cyber peace. You can do that not just by computers. But you can do that by strategists and diplomats. And there is a great role for the UAE to play in helping the world step back from cyber war to create an international system for cyber peace," said Richard Clarke, who served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush.
Warning that cyber war is the next threat to UAE national security, Clarke argued physical defences akin to borders such as firewalls will remain essential, but given the high levels of cross-border connectivity in cyber world, new approaches for cyber security must include the international diplomatic dimension.
(Source: Gulf News)
Wednesday, May 19, 2010
Du 17 au 21 mai 2010 se tient à Ouagadougou un atelier sur la cybersécurité. Avec comme objectif de former les acteurs chargés de la sécurisation du cyberespace à la lutte efficace contre les cybermenaces, cette session connaît la participation de délégués de la Côte dIvoire, du Ghana, du Mali et du Nigeria. Les travaux dudit séminaire ont été ouverts par le Secrétaire général du Premier ministère, Paul Marie Compaoré.
Face aux spams, scams, virus, vers et autres cyberattaques, il est plus quurgent de développer des stratégies et des dispositifs de pointe à même de sécuriser les systèmes du cyberespace en le protégeant de toutes ces cybermenaces. Cest dans cette optique que lUnion internationale des télécommunications (UIT), en partenariat avec IMPACT et lAutorité de régulation des communications électroniques (ARCE) du Burkina, organise du 17 au 21 mai 2010, un atelier sur la cybersécurité.
(Source: Le Faso)
Tuesday, May 18, 2010
Phishing may not be the most sophisticated form of cyber crime, but it can be a lucrative trade for those who decide to make it their day jobs. Indeed, data secretly collected from an international phishing operation over 18 months suggests that criminals who pursue a career in phishing can reap millions of dollars a year, even if they only manage to snag just a few victims per scam.
Phishers often set up their fraudulent sites using ready-made phish kits collections of HTML, text and images that mimic the content found at major banks and e-commerce sites. Typically, phishers stitch the kits into the fabric of hacked, legitimate sites, which they then outfit with a backdoor that allows them to get back into the site at any time.
(Source: Krebs on Security)
Krebs on Security
Friday, May 14, 2010
Researchers at Imperva have discovered an 'experimental' botnet that uses around 300 hijacked web servers to launch high-bandwidth DDoS attacks. The servers are all believed to be open to an unspecified security vulnerability that allows the attacker, who calls him or herself 'Exeman', to infect them with a tiny, 40-line PHP script. This includes a simple GUI from which the attacker can return at a later date to enter in the IP, port and duration numbers for the attack that is to be launched. Building a Secure and Compliant Windows Desktop: Download nowBut why servers in the first place? Botnets are built from PCs and rarely involve servers.
According to Imperva's CTO, Amachai Shulman, they have no antivirus software and offer high upload bandwidth, typically 10-50 times that of a consumer PC.
Monday, May 10, 2010
With the 2010 FIFA World Cup less than two months away, cybercriminals (as expected) are banking on this prestigious international football event to trick users. TrendLabsSM spotted the latest threat involving this, and it came in the form of an email message currently being spammed in the wild.
The spam carried a .PDF file attachment which was found to contain details about the lottery the recipient allegedly won. It also instructed the recipient to give out personal information and send them to the contact person or email sender before the prize could be claimed. What was interesting about the purported sender of the emailone Mrs. Michelle Matins, Executive Vice Presidentwas also the signatory for the 419 scam, aka the Nigeria scam.
(Source: Trend Micro)
Friday, May 07, 2010
As much heat as Facebook has taken recently for its privacy policies and the freedom with which it shares data across the Web and around the world, Facebook is still not the biggest threat to online privacy--you are. A study by Consumer Reports illustrates that users are really their own worst enemy when it comes to online privacy.
Here are some of the key findings of the Consumer Reports survey: A projected 1.7 million online households had experienced online identity theft in the past year. An estimated 5.4 million online consumers submitted personal information to e-mail (phishing) scammers during the past two years. Among adult social network users, 38 percent had posted their full birth date, including year. Forty-five percent of those with children had posted their children's photos. And 8% had posted their own street address. An estimated 5.1 million online households had experienced some type of abuse on a social network in the past year, including malware infections, scams, and harassment.
(Source: PC World)
Tuesday, May 04, 2010
Websites operated by the US Treasury Department are redirecting visitors to websites that attempt to install malware on their PCs, a security researcher warned on Monday. The infection buries an invisible iframe in bep.treas.gov, moneyfactory.gov, and bep.gov that invokes malicious scripts from grepad.com, Roger Thompson, chief research officer of AVG Technologies, told The Register. The code was discovered late Sunday night and was active at time of writing, about 12 hours later.
To cover their tracks, the miscreants behind the compromise tailored it so it attacks only IP addresses that haven't already visited the Treasury websites. That makes it harder for white hat-hackers and law enforcement agents to track the exploit. Indeed, Thompson initially reported that the problem had been fixed until he discovered the sites were merely skipping over laboratory PCs that had already encountered the attack.
(Source: The Register)
Thursday, April 29, 2010
The German government is planning to establish a botnet cleanup helpline for computer users affected by malware infection. ISPs are teaming up with the German Federal Office for Information Security (BSI) to set up an operation geared towards cleansing consumer systems from botnet infestation. ISPs will track down infected machines, before directing users towards a website offering advice and an associated call centre, staffed by around 40.
The project, due to start in 2010, was announced on Tuesday at the German IT summit in Stuttgart. Malware in general, and botnets in particular, are a Windows ecosystem problem. Some bloggers have taken exception to the German plan, and have described it as a state funded subsidy to Microsoft, arguing that the money would be better spent offering advice on how to switch to less virus-infected systems.
(Source: The Register)
Tuesday, April 20, 2010
A new type of malware infects PCs using file-share sites and publishes the user's net history on a public website before demanding a fee for its removal. The Japanese trojan virus installs itself on computers using a popular file-share service called Winni, used by up to 200m people. It targets those downloading illegal copies of games in the Hentai genre, an explicit form of anime. Website Yomiuri claims that 5500 people have so far admitted to being infected.
"If you find you are getting pop-ups demanding payments to settle copyright infringement lawsuits, ignore them and use a free online anti-malware scanner immediately to check for malware," said Mr Ferguson.
Monday, April 19, 2010
A computer security researcher has released a plugin for Firefox that provides a wealth of data on Web sites that may have been compromised with malicious code. The plugin, called Fireshark, was released on Wednesday at the Black Hat conference. The open-source free tool is designed to address the shortcomings in other programs used to analyze malicious Web sites, said Stephan Chenette, a principal security researcher at Websense, which lets Chenette develop Fireshark in the course of his job. Hackers often target legitimate Web sites with code that can either infect a machine with malicious software or redirect a user to a bad Web page.
Thursday, April 15, 2010
Microsoft today patched 25 vulnerabilities in Windows, Exchange and Office, including nine marked "critical," the company's highest threat ranking. But researchers were unanimous in urging users to immediately apply two of the 11 updates, which address major bugs in Windows Media Player and an important video file format, to block drive-by attacks that will quickly spread on the Web.
The patches also fixed eight flaws pegged as "important," the next-lowest step in Microsoft's four-stage scoring system, and another eight tagged as "moderate." Five of today's 11 update packages were marked critical, while five were labeled important and the remaining one as moderate. Security experts directed users' attention to a pair of updates that addressed issues in Windows' media infrastructure.
Tuesday, April 06, 2010
Link-shortening services such as TinyURL seem ideal for criminals because they can disguise the names of malicious sites. Yet on Twitter one of the most popular places for them they may not be nearly as malicious as many industry experts fear, according to new security research. Zscaler Inc., a company that sells security services, studied 1.3 million shortened links taken from Twitter over two weeks, before Twitter began in early March to examine such links for malicious content.
Just 773 of those links a mere 0.06 percent led to malicious content. Link-shortening services convert long Web addresses into shorter ones. They have become more popular as people spend more time on social-networking sites and share with their friends links to photos, news articles and other tidbits. They are especially important on Twitter, which restricts its posts to 140 characters.
Friday, March 26, 2010
One of the world's most notorious computer hackers was sentenced to 20 years in prison on Thursday after he pleaded guilty to helping run a global ring that stole tens of millions of payment card numbers. Albert Gonzalez, a 28-year-old college dropout from Miami, had confessed to helping lead a ring that stole more than 40 million payment card numbers by breaking into retailers including TJX Cos Inc, BJ's Wholesale Club Inc and Barnes & Noble.
It was the harshest sentence ever handed down for a computer crime in an American court, said Mark Rasch, former head of the computer crimes unit at the U.S. Department of Justice. Gonzalez and conspirators scattered across the globe caused some $200 million in damages to those businesses, said Assistant U.S. Attorney Stephen Heymann.
Wednesday, March 24, 2010
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru.
Countries in Asia now face the same level and type of sophisticated cyber attack as countries in the West, according to a new report from non-profit US cyber-crime research organisation Team Cymru. "We would expect to see high concentrations of compromised machines in areas with high concentrations of Internet saturation and urban population," said Team Cymru director, global outreach, and former Scotland Yard detective, Steve Santorelli.
(Source: IDG Connect)
Monday, March 22, 2010
In a bid to cut down on fraud and inappropriate content, the organization responsible for administering Russia's .ru top-level domain names is tightening its procedures. Starting April 1, anyone who registers a .ru domain will need to provide a copy of their passport or, for businesses, legal registration papers.
Loopholes in the domain name system help spammers, scammers and operators of pornographic Web sites to avoid detection on the Internet by concealing their identity. Criminals often play a cat-and-mouse game with law enforcement and security experts, popping up on different domains as soon as their malicious servers are identified. Criminals in eastern Europe have used .ru domains for a while, registering domain names under fake identities and using them to send spam or set up command-and-control servers to send instructions to networks of hacked computers.
(Source: PC World)
Monday, March 15, 2010
The government has added fresh resources to the fight against cybercrime with the launch of a £4.3m programme to help combat fraud, estimated to cost UK consumers £3.5bn per year. The programme, which aims to take down scam websites, was launched by the Department for Business, Innovation and Skills this week. Under the scheme, up to 300 of the UK's approximately 3,000 existing trading standards officers will receive "intermediate" level training in tackling cybercrime.
In addition, a new cyber enforcement team within the Office of Fair Trading (OFT) will be set up. The team will lead investigations into websites selling fake or non-existent goods, tickets or services online, and will have an attached digital forensics lab that will be available to all OFT staff.
Wednesday, March 10, 2010
Twitter launched a new link-screening service on Tuesday aimed at preventing phishing and other malicious attacks against users of the popular microblogging service.
Phishing scams on Twitter usually involve attackers trying to obtain the login credentials of Twitter users, and then sending spam messages from the stolen accounts in a bid to make money, Twitter said on its blog last month. Twitter also fights phishing scams by watching for affected accounts and resetting passwords, it said. Phishing attacks ballooned on Twitter last year as the service grew in popularity. Twitter's new link-screening service comes after it last year started using Google's Safe Browsing API to check for malicious content in links posted by users.
(Source: PC World)
Friday, March 05, 2010
Hackers breaking into businesses and government agencies with targeted attacks have not only stolen intellectual property, in some cases they have corrupted data too, the head of the U.S. Federal Bureau of Investigation said Thursday. The United States has been under assault from these targeted spear-phishing attacks for years, but they received mainstream attention in January, when Google admitted that it had been hit and threatened to pull its business out of China -- the presumed source of the attack -- as a result.
Researchers investigating the Google attack -- thought to have affected at least 100 companies including Intel, Adobe and Symantec -- say that prime targets of the hackers were the source code management systems used by software developers to build code.
(Source: PC World)
Wednesday, March 03, 2010
Authorities have smashed one of the world's biggest networks of virus-infected computers, a data vacuum that stole credit cards and online banking credentials from as many as 12.7 million poisoned PCs. The "botnet" of infected computers included PCs inside more than half of the Fortune 1,000 companies and more than 40 major banks, according to investigators.
Spanish investigators, working with private computer-security firms, have arrested the three alleged ringleaders of the so-called Mariposa botnet, which appeared in December 2008 and grew into one of the biggest weapons of cybercrime. More arrests are expected soon in other countries.
(Source: The New Zealand Herald)
The New Zealand Herald
Friday, February 26, 2010
Security experts are split over the effectiveness of Microsoft's efforts to shut down a network of PCs that could send 1.5 billion spam messages a day. The firm persuaded a US judge to issue a court order to cripple 277 internet domains used by the Waledac botnet. Botnets are usually armies of hijacked Windows PCs that send spam or malware. "We aim to be more proactive in going after botnets to help protect the internet," said Richard Boscovich, the head of Microsoft's digital crime unit.
Security firm Symantec has estimated that over 80% of unsolicited e-mail comes from botnets.
Wednesday, February 24, 2010
Intel was the victim of a cyber attack similar to the one experienced by Google, the company revealed Monday. "We regularly face attempts by others to gain unauthorized access through the Internet to our information technology systems," Intel said in regulatory filings posted by The New York Times. "One recent and sophisticated incident occurred in January 2010 around the same time as the recently publicized security incident reported by Google."
Attacks have included people who masqueraded as authorized users or those who used "surreptitious introduction of software," Intel said. "These attempts, which might be the result of industrial or other espionage, or actions by hackers seeking to harm the company, its products, or end users, are sometimes successful."
(Source: PC Magazine)
Friday, February 19, 2010
A former security researcher turned criminal hacker has been sentenced to 13 years in federal prison for hacking into financial institutions and stealing credit card account numbers.
Max Ray Butler, who used the hacker pseudonym Iceman, was sentenced Friday morning in U.S. District Court in Pittsburgh on charges of wire fraud and identity theft. In addition to his 13-year sentence, Butler will face five years of supervised release and must pay US$27.5 million in restitution to his victims, according to Assistant U.S. Attorney Luke Dembosky, who prosecuted the case for the federal government. Dembosky believes the 13 year sentence is the longest-ever handed down for hacking charges.
Thursday, February 18, 2010
A new type of computer virus is known to have breached almost 75,000 computers in 2,500 organizations around the world, including user accounts of popular social network websites, according Internet security firm NetWitness. The latest virus -- known as "Kneber botnet" -- gathers login credentials to online financial systems, social networking sites and email systems from infested computers and reports the information back to hackers, NetWitness said in a statement.
A botnet is an army of infected computers that hackers can control from a central machine." The company said the attack was first discovered in January during a routine deployment of NetWitness software.
Wednesday, February 17, 2010
A common Web programming error could give hackers a way to take over Google Buzz accounts, a security expert said Tuesday. The flaw is a "medium-sized problem" with the Buzz for Mobile Web site, said Robert Hansen, CEO of SecTheory, who first reported the issue. This type of Web programming error, called a cross-site scripting flaw, lets the attacker put his own scripting code into Web pages that belong to trusted Web sites such as Google.com. It is a fairly common flaw but one that can have major consequences when exploited on widely used Web sites.
The attacker "can force you to say things you don't want to say, to follow people," he said. "Whatever Google Buzz allows you to do, it allows him to do to you."
(Source: PC World)
Monday, February 15, 2010
Former top US intelligence officials will become cyberwarriors on Tuesday in a simulation of how the US government would respond to a massive cyberattack on the United States. "The scenario itself is secret," said Eileen McMenamin, vice president of communications for the Bipartisan Policy Center (BPC), which is hosting the event dubbed "Cyber ShockWave." "The participants don't even know what it is," McMenamin told AFP. "None of them know what's going to transpire."
Former president George W. Bush's Homeland Security chief Michael Chertoff will play the role of National Security Advisor to the president while former Director of National Intelligence John Negroponte will be Secretary of State.
Tuesday, February 09, 2010
Deep inside millions of computers is a digital Fort Knox, a special chip with the locks to highly guarded secrets, including classified government reports and confidential business plans. Now a former U.S. Army computer-security specialist has devised a way to break those locks.
The attack can force heavily secured computers to spill documents that likely were presumed to be safe. This discovery shows one way that spies and other richly financed attackers can acquire military and trade secrets, and comes as worries about state-sponsored computer espionage intensify, underscored by recent hacking attacks on Google Inc.
Monday, February 08, 2010
China has closed what it claims to be the largest hacker training website in the country and arrested three of its members, domestic media reported on Monday.
The "Black Hawk Safety Net" website taught hacking techniques and provided malicious software downloads for its 12,000 members in exchange for a fee, the Wuhan Evening News newspaper reported this weekend, citing police in Huanggang, just east of Wuhan.
Thursday, February 04, 2010
Twitter required some users to reset their passwords on Tuesday after discovering that their log-in information may have been harvested via security-compromised torrent Web sites, the company said.
For years, a malicious hacker has been setting up file-sharing torrent sites that appear legitimate and then selling them to well-meaning buyers who want to own their own download site, explained Del Harvey, Twitter's director of trust and safety, in a blog post. However, the sites are riddled with malware and backdoors that allow the malicious hacker to steal log-in credentials -- like e-mail addresses, usernames and passwords -- from users who sign up for them.
Tuesday, February 02, 2010
Facebook and Twitter users are under attack by cybercriminals -- and the incidents are rising, Sophos says in its its 2010 Security Threat Report released Monday. In the past 12 months, Sophos says, cybercriminals have focused more attacks on social-network users. Spam and malware are leading the charge.
Fifty-seven percent of users surveyed reported getting spammed via social-networking sites -- an increase of 70.6 percent from 2008. And 36 percent say they have been sent malware via social-networking sites, a 69.8 percent increase.
(Source: NewsFactor Network)
Wednesday, January 20, 2010
Hackers are attacking consumers with an exploit of Internet Explorer (IE) that was allegedly used last month by the Chinese to break into Google's corporate network, a security company said Monday.
That news came on the heels of warnings by the information security agencies of the French and German governments, which recommended that IE users switch to an alternate browser, such as Firefox, Chrome, Safari or Opera, until Microsoft fixes the flaw. In a Monday alert Websense said it identified "limited public use" of the unpatched IE vulnerability in drive-by attacks against users who strayed onto malicious Web sites.
Monday, January 18, 2010
The U.S. Federal Bureau of Investigation is advising people to be careful when evaluating donation programs related to the earthquake in Haiti as one security firm is already seeing scam e-mails circulate. People should apply a "critical eye" to requests for financial donations following Tuesday's earthquake in Haiti, which caused an unknown number of deaths and severe damage to the country's infrastructure.
Scam e-mails are already emerging. Symantec noted a so-called 419-style e-mail that purported to come from the British Red Cross. A 419 scam, named after the number of a statute in Nigeria's criminal code banning the practice, is one in which an e-mail or a letter implores a person to send money for some bogus reason.
Wednesday, January 13, 2010
The cyber threat environment is constantly changing and becoming more challenging with every day that passes. Malware grew last year at the highest rate in 20 years. Multiple security reports showed that more than 25 million new strains of malware were identified in 2009.
Forecasts suggest that 2010 will again see unprecedented growth in malware and the trend is expected to continue for the foreseeable future. Not only will the cyber attack volume escalated dramatically, but the sophistication of malware delivery modalities will also become much more sophisticated and dangerous. In addition, social networking sites will become major targets of choice for cyber criminals.
(Source: Defense Tech)
Thursday, January 07, 2010
The new year will usher in some interesting new changes in the world of malware and cyber-attacks, according to one company's predictions for 2010. Watchful eyes will have to be kept on mobile phone apps, Google Wave accounts, file sharing and peer-to-peer networks -- cyber-criminals will target those in greater numbers, according to predictions released by Kaspersky Labs, a provider of Internet threat management solutions for combating malware.
"Given the growing sophistication of threats -- it's no longer just an e-mail saying, Please click on this attachment,' and you get infected with something -- the schemes are much more elaborate than that," said Roel Schouwenberg, the company's senior malware researcher.
(Source: Government Technology)
Thursday, December 17, 2009
A court in east China has handed down jail sentences of up to three years to 11 people for their roles in online gaming scams that netted them around 140,000 dollars, state media said. Lu Yizhong and Zeng Yifu wrote malicious Trojan horse viruses to steal 5.3 million user names and passwords from online gamers, which were then used for "illegal gains", the Xinhua news agency reported late Wednesday. Defendants Yan Renhai, his girlfriend Chen Huiting and other accomplices sold or used the viruses to steal online credits, the Gulou District People's Court in Jiangsu province found, according to Xinhua.
The number of Internet gamers in China reached 217 million at the end of June, or 64.2 percent of the nation's total online population.
Wednesday, December 16, 2009
Internet users are being warned to watch out for a computer virus targeting popular social networking sites in the run up to Christmas.
Security experts say the new virus is "particularly nasty" and compels its victims to participate manually in creating a new Facebook account to help spread the worm. "The more people who use an application such as Facebook, or any other means of social networking, the more likely they are to be targeted by bad guys to send out malicious threats such as Koobface." The internet security company recommends that users do not reply to or follow links included in unsolicited Facebook messages and users should always carefully check that the URL they are entering is really that of the site they want to access.
(Source: FOX News)
Tuesday, December 15, 2009
They're the scourge of the Internet right now and the U.S. Federal Bureau of Investigation says they've also raked in more than $150 million for scammers. Security experts call them rogue antivirus programs.
The FBI's Internet Crime Complaint Center issued a warning over this fake antivirus software Friday, saying that Web surfers should be wary of sudden pop-up windows that report security problems on their computers. This software can appear almost anywhere on the Web. Typically, the scam starts with an aggressive pop-up advertisement that looks like some sort of virus scan. Often it's nearly impossible to get rid of the pop-up windows.
Thursday, December 10, 2009
A "friendly" hacker called c0de.breaker claims to have broken into two secure internal sites at NASA's Instrument Systems and Technology and Software Engineering divisions, and snapped screen shots to prove the protected sites were intruded.
"I didn't want to make something bad!" c0de.breaker wrote in a web posting. "Only to show NASA (has) many vulnerable subdomains to SQLI (SQL injection), XSS (cross-site scripting), etc." The hacker gained access through a combination of a SQL injection and poor access controls. The National Aeronautics and Space Administration has had major problems securing its websites for years.
(Source: Gov Info Security)
Gov Info Security
Wednesday, December 09, 2009
What do phishing, instant messaging malware, DDoS attacks and 419 scams have in common? According to Cisco Systems, they're all has-been cybercrimes that were supplanted by slicker, more menacing forms of cybercrime over the past year.
In its 2009 Annual Security Report, due to be released Tuesday, Cisco says that the smart cyber-criminals are moving on. "Social media and the data-theft Trojans are the things that are really in their ascent," said Patrick Peterson, a Cisco researcher. "You can see them replacing a lot of the old-school things."
Friday, December 04, 2009
The U.S. government and private businesses need to overhaul the way they look at cybersecurity, with the government offering businesses new incentives to fix security problems, the Internet Security Alliance said.
The alliance, in a report released Thursday, also called for permanent international cybersecurity collaboration centers, new security standards for VoIP (voice over Internet Protocol) communications and programs to educate corporate leaders about the benefits of enhanced cybersecurity efforts. Lots of groups have called for better information security education for students, but education for enterprise leaders is often overlooked, said Joe Buonomo, president and CEO of Direct Computer Resources, a data security products vendor.
Wednesday, December 02, 2009
If your iPhone has been jailbroken, change your passwords now, advised Paul Ducklin, Sophos Australia's chief of technology. Ducklin said the writers of this virus included a program call "Duh", which added malicious capabilities not present in last month's ikee release.
The new password installed by this virus was "ohshit", which can be used to remove the threat of further remote attacks on an infected device. Ducklin said to clean up the device by searching the file "directory/private/var/mobile/home", type in "passwd" to initiate the command, and change the password. "Otherwise the buggers can get back in anytime they want," said Ducklin.
(Source: ZDNet Australia)
Tuesday, December 01, 2009
Its not good news for IT cities. According to a report prepared by the Computer Emergency Research Team from the Union IT ministry, a total of 692 websites have been affected in September alone.
The unit has now asked the respective state governments to secure their own websites. We have instructed all state governments to instal security measures, especially for those sites which contain sensitive data, said a senior ministry official. Of the websites hacked, a whopping 74% belong to the dotin domain Most common hacking method is to steal password from administrator Hackers also enter web server and destroy the site Another method is to try and poison the URL.
(Source: The Economic Times)
The Economic Times
A computer worm that China warned Internet users against is an updated version of the Panda Burning Incense virus, which infected millions of PCs in the country three years ago, according to McAfee.
The original Panda worm, also known as Fujacks, caused widespread damage at a time when public knowledge about online security was low, and led to the country's first arrests for virus-writing in 2007. The new worm variant, one of many that have appeared since late 2006, adds a malicious component meant to make infection harder to detect.
(Source: PC World)
Monday, November 30, 2009
Diners who frequent a popular Downtown restaurant should review their charge-card statements because hackers broke into its computer system to loot debit- and credit-card numbers, police said today.
Between 30 and 50 people have reported fraudulent charges on their accounts, and Columbus detectives said that anyone who used a charge card at Tip Top Kitchen and Cocktails in July or August is at risk. The hackers have been traced to an overseas Internet address, and no Tip Top employees are involved, police said. The hackers found a weak point in the restaurant's computer defenses, wormed their way in, and installed "malware" that stripped the numbers.
(Source: The Columbus Dispatch)
The Columbus Dispatch
Tuesday, November 24, 2009
Four men, including the self-proclaimed "Godfather of Spam," were sentenced to prison on Monday for their roles in an email stock fraud scheme, the Justice Department said. FBI special agent said Ralsky, the self-proclaimed "Godfather of Spam," flooded email boxes with unwanted spam email and attempted to use a botnet to hijack computers to assist them in the scheme. A botnet is a network of computers infected by malicious software.
"Today's sentencing sends a powerful message to spammers whose goal is to manipulate financial transactions and the stock market through illegal email advertisements," said assistant attorney general Lanny Breuer.
Thursday, November 19, 2009
A self-proclaimed geek from the age of 14, Andre DiMino had always been interested in computers and networking. But it wasn't until he entered his professional life many years later that he became interested in the security side of that world.
Just five years ago, hunting botnets, said DiMino, was a much different game. The botnets were fairly straightforward, he said, and the primary method of communication was the IRC (Internet Relay Chat). DiMino and other volunteers were able to act like criminals by joining a botnet, watching its traffic to get an understanding of how it was architected and learn more its particular function. They found their efforts were worthwhile as they began contacting network hosts, alerting them that were supporting the botnets and seeing them shutdown.
Friday, November 13, 2009
Testing a brand new copy of Windows 7 shows that malware still finds its way around inbuilt preventative measures.
Got Windows 7? Yes, we know an increasing number of you have. But you'll still need antivirus protection. A test by the security company Sophos has found that Windows 7 is, out of the box, vulnerable to 8 out of 10 viruses that dropped into its feed (its feed being gnarly viruses picked from the internet). But of those 8, the User Account Control (UAC) - meant to save you from yourself, you button-clicking obsessive, you - did stop one.
Thursday, November 12, 2009
For the last few days, some jailbroken iPhone users have found their home screen background a little different than they remembered. A hacker, going by the name "ikee," created a worm that changes the home screen background on jailbroken iPhones whose owners failed to change the default password after installing SSH.
Simply jailbreaking your iPhone will not make you vulnerable to this sort of hack. The iPhone OS, in general, is also immune to this hack. On jailbroken iPhones, SSH is installable with a package from Cydia that allows you to connect to your phone and make changes to the filesystem.
(Source: TUAW News)
Australian internet provider BigPond has become the latest internet company to be targeted by hackers on Twitter, after one of its accounts was hijacked as part of a phishing scam.
Affected users received a private message from BigPondTeam saying "Hey, look at this," and directing them to follow a link that asked them to enter their Twitter password. The attack was part of an attempt to steal their credentials and potentially gain access to other services they use - such as their bank accounts or email services.
Wednesday, November 04, 2009
An expert on cable modem hacking has been arrested by federal authorities on computer intrusion charges. According to the U.S. Department of Justice (DOJ), Ryan Harris, 26, ran a San Diego company called TCNISO that sold customizable cable modems and software that could be used to get free Internet service or a speed boost for paying subscribers.
Hackers have known for years that certain models of cable modem, such as the Motorola Surfboard 5100, can be hacked to run faster on a network, a process known as uncapping.
Monday, November 02, 2009
If your cash card gets eaten by the automated-teller machine, it may not end up in the hands of a bank employee. European financial institutions are seeing a sharp rise in card "trapping," where criminals use various tricks in order to capture and retrieve a person's ATM card for fraudulent use.
For the first half of this year, financial institutions reported 1,045 trapping incidents, according to a new report from the European ATM Security Team (EAST), a nonprofit group composed of financial institutions and law enforcement. The figure, which covers 20 countries within the Single Euro Payments Area (SEPA), represents a 640 percent increase over the first half of 2008.
Friday, October 30, 2009
Twitter warned users Tuesday of a new phishing scam on the social networking site. It's the latest in a series of scams that have plagued the site over the past year, designed to trick victims into giving up their user names and passwords.
"We've seen a few phishing attempts today, if you've received a strange DM and it takes you to a Twitter login page, don't do it!," Twitter wrote on its Spam message page. The message reads, "hi. this you on here?" and includes a link to a fake Web site designed to look like a Twitter log-in page. After entering a user name and password, victims enter an empty blogspot page belonging to someone named NetMeg99.
Tuesday, October 27, 2009
The Swiss Foreign Ministry says it was the victim of a "professional" cyber attack aimed at obtaining information from its computer network. Spokesman Georg Farago says the ministry cut the connection between its network and the Internet after the attack was discovered on Thursday. He says specialists are trying to determine the source of the attack and whether any information was stolen.
Farago said Monday it appeared the Foreign Ministry was specifically targeted. Switzerland frequently plays host to international peace talks and other high-level negotiations.
Monday, October 26, 2009
Networks of hacked computers are being used more than ever to click on advertisements, a scam known as click fraud that cheats search engines, publishers and ad networks out of revenue.
For the third quarter of the year, 42.6% of fraudulent clicks came from botnet-infected computers, according to Click Forensics, a company that produces tools to detect and filter out fraudulent clicks. The figure is the highest in four years, when Click Forensics began producing reports. For the same quarter a year ago, botnets accounted for 27.5% of bad clicks. Botnets are a powerful tool for hackers.
Wednesday, October 21, 2009
Microsoft admitted Hotmail users had been tricked into revealing their passwords, 10,000 of which had been published online.
The spam is being sent from users' accounts to contacts in their address books - so recipients will think it came from one of their friends. While the new spam is not malicious in itself, it does point the contact in the direction of something that is a "shopping" website. The trick is, the shopping site is not a real one. The scam persuades victims to order goods online by credit card, leaving them vulnerable to identity theft and fraud.
(Source: Fox News)
Hotmail and several other Web e-mail providers were recently hit by phishing attacks that gleaned usernames and passwords.It's terribly insecure, but the string of digits 1234567 is a popular password on Hotmail, according to security researcher Bogdan Calin, who analyzed 9,843 stolen Windows Live Hotmail passwords that were posted on a Web site.
In a blog post, Calin said the following were the most common passwords in the Hotmail collection: 123456, 123456789, alejandra, 111111, alberto, tequiero, alejandro and 12345678.
Monday, October 19, 2009
Tens of millions of U.S. computers are loaded with scam security software that their owners may have paid for but which only makes the machines more vulnerable, according to a new Symantec report on cybercrime.
Cyberthieves are increasingly planting fake security alerts that pop up when computer users access a legitimate website. The "alert" warns them of a virus and offers security software, sometimes for free and sometimes for a fee. "Lots of times, in fact they're a conduit for attackers to take over your machine. They'll take your credit card information, any personal information you've entered there and they've got your machine,"
Friday, October 16, 2009
Cyber-crime just doesn't pay like it used to. Security researchers say the cost of criminal services such as distributed denial of service, or DDoS, attacks has dropped in recent months. The reason? Market economics.
Criminals have gotten better at hacking into unsuspecting computers and linking them together into so-called botnet networks, which can then be centrally controlled. Botnets are used to send spam, steal passwords, and sometimes to launch DDoS attacks, which flood victims' servers with unwanted information.
Wednesday, October 14, 2009
Twitter users should refrain from changing their log-in data until further notice or else risk getting locked out of their accounts. Twitter is investigating instances of users who have lost access to their accounts after modifying their usernames, passwords or e-mail addresses, the microblogging company said on Tuesday.
Until the problem is resolved, Twitter users shouldn't modify their log-in data, according to an official posting on Twitter's Status Web site. "This seems to affect new users as well as long term users," the note reads.
Monday, October 12, 2009
For the fourth time this year, Adobe has admitted that hackers used malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.
Security researchers are warning that Web-based applications are increasing the risk of identity theft or losing personal data more than ever before.
The best defense against data theft, malware and viruses in the cloud is self defense, researchers at the Hack In The Box (HITB) security conference said. But getting people to change how they use the Internet, such as what personal data they make public, won't be easy.
Friday, October 09, 2009
Scammers have grabbed the Hotmail passwords that leaked to the Web and are using them in a plot involving a fake Chinese electronics seller to bilk users out of cash and their credit card information, a security researcher said.
"We've seen a 30% to 40% increase in these types of spam messages in the last several days," said Patrik Runald, senior manager of Websense's security research team. "By 'these types of spam,' I mean messages that are advertising great consumer electronics bargains, such as cameras and computers."
The head of the U.S. Federal Bureau of Investigation has stopped banking online after nearly falling for a phishing attempt. FBI Director Robert Mueller said he recently came "just a few clicks away from falling into a classic Internet phishing scam" after receiving an e-mail that appeared to be from his bank.
In phishing scams, criminals send spam e-mails to their victims, hoping to trick them into entering sensitive information such as usernames and passwords at fake Web sites.
Thursday, October 08, 2009
IPhone lovers and other smartphone users should take heed: A security researcher showed ways to spy on a BlackBerry user during a presentation Wednesday, including listening to phone conversations, stealing contact lists, reading text messages, taking and viewing photos and figuring out the handset's location via GPS.
And ironically, Sheran Gunasekera, head of research and development at ZenConsult, said the BlackBerry is one of the most secure smartphones available, in some ways better than the iPhone.
Investigators in the United States and Egypt have smashed a computer "phishing" identity theft scam described as the biggest cyber-crime investigation in US history, officials said Wednesday.
The Federal Bureau of Investigation said 33 people were arrested across the United States early Wednesday while authorities in Egypt charged 47 more people linked to the scam. A total of 53 suspects were named in connection with the scam in a federal grand jury indictment, the FBI said.
Tuesday, October 06, 2009
Microsoft blocked access to thousands of Hotmail accounts in response to hackers plundering password information and posting it online.
Cyber-crooks evidently used "phishing" tactics to dupe users of Microsoft's free Web-based email service into revealing account and access information, according to the US technology giant. Phishing is an Internet bane and involves using what hackers refer to as "social engineering" to trick people into revealing information online or downloading malicious software onto computers.
In a somewhat unusual data breach, hackers recently stole the login credentials of an unknown number of customers of payroll processing company PayChoice Inc., and then attempted to use the data to steal additional information directly from the customers themselves.
Hackers broke into the site and managed to access the real legal name, username and the partially masked passwords used by customers to log into the site. They then used the information to send very realistic looking phishing e-mails to PayChoice's customers directing them to download a Web browser plug-in to be able to continue using the onlineemployer.com service.
Friday, October 02, 2009
US Homeland Security Secretary Janet Napolitano said Thursday that her department has received the green light to hire up to 1,000 cybersecurity experts over the next three years.
Kicking off "National Cybersecurity Awareness Month," she said the new recruits would "help fulfill the department's broad mission to protect the nation's cyber infrastructure, systems and networks." "Effective cybersecurity requires all partners -- individuals, communities, government entities and the private sector -- to work together to protect our networks and strengthen our cyber resiliency," Napolitano said.
Wednesday, September 30, 2009
Cybersecurity researchers often scare the IT world with tales of brilliant and devious hacks: encryption cracking techniques, wi-fi booby-traps and undetected vulnerability data sold on the black market. But the most common path cybercriminals use to gain access to victims' PCs today, according to a new report, is far more mundane: buggy software that users and IT administrators fail to patch for months, long after fixes are publicly available.
The study to be released Tuesday by the security-focused SANS Institute states that the cybersecurity community is facing an epidemic of unpatched software, particularly widely used applications like Adobe Flash, Java and Microsoft programs like Word and PowerPoint.
Monday, September 28, 2009
A network of Russian malware writers and spammers paid hackers 43 cents for each Mac machine they infected with bogus video software, a sign that Macs have become attack targets, a security researcher said yesterday.
In a presentation Thursday at the Virus Bulletin 2009 security conference in Geneva, Switzerland, Sophos researcher Dmitry Samosseiko discussed his investigation of the Russian "Partnerka," a tangled collection of Web affiliates who rake in hundreds of thousands of dollars from spam and malware, most of the former related to phony drug sites, and much of the latter targeting Windows users with fake security software, or "scareware."
Monday, September 21, 2009
Microsoft filed lawsuits against five companies Thursday, accusing them of using malicious advertisements to trick victims into installing software on their computers.
Typically, when a scareware ad pops up on a victim's screen, it looks like a Windows utility running some kind of security scan. It will then warn that it has found a critical security problem and direct the victim to a Web site where they can buy a product to fix the issue. DirectAd Solutions, Soft Solutions, qiweroqw.com, ote2008.info and ITmeter have used ads to "distribute malicious software or present deceptive websites that peddled scareware to unsuspecting Internet users".
Tuesday, September 15, 2009
A computer hacker who was once a federal informant and was a driving force behind one of the largest cases of identity theft in U.S. history pleaded guilty Friday in a deal with prosecutors that will send him to prison for up to 25 years.
Albert Gonzalez, 28, of Miami, admitted pulling off some of the most prominent hacking jobs of the decade. Federal authorities say tens of millions of credit and debit card numbers were stolen. Gonzalez entered guilty pleas in U.S. District Court in Boston to 19 counts of conspiracy, computer fraud, wire fraud, access device fraud and aggravated identity theft.
Monday, September 14, 2009
Cyber criminals are taking advantage of swine flu fears with e-mails promising news on the illness which then infect computers with a virus, a Spanish computer security firm warned Friday.
The e-mails invite recipients to open a document with information claiming the H1N1 flu virus was developed by pharmaceutical firms seeking to make huge profits from the outbreak, Pandasecurity said in a statement. But if the document is opened, a virus is installed on the person's computer which can steal personal information like bank account data.
South Korea plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites, a report said Sunday. The "cyber sheriffs" would be tasked with "protecting corporate information and preventing the leaks of industrial secrets," Yonhap news agency said.
In the event of cyber attacks, the National Intelligence Service, the country's main spy agency, would set up a taskforce including civilian and government experts to counter the online threats, it added. The country already has a military cyber unit. South Korea, where 95 percent of homes have broadband, is among the top countries in terms of access to the high-speed Internet.
Thursday, September 10, 2009
Hong Kong is under siege from legions of "zombies" attacking people with spam and leaving in their wake a trail of destruction costing millions of dollars a year, analysts have warned.
There are an estimated 4,000 zombies active in Hong Kong and their criminal puppet masters use them to fire off thousands of messages offering products ranging from jewellery to pornography. According to the 2008 Annual Security Report by Internet security firm MessageLabs 81.3 percent of emails sent to Hong Kong computer users last year were spam, more than in any other territory or country in the world.
Wednesday, September 09, 2009
Anonymous hackers have attacked a Taiwan film festival over plans to screen a documentary on the US-based leader of China's predominantly Muslim Uighur minority, festival organisers said Tuesday. A message, posted on a blog run by one of the organisers of the Kaohsiung Film Festival, blamed Rebiya Kadeer for recent bloody unrest in northwest China's Xinjiang region, which is home to the Turkic-speaking Uighurs.
The film festival, which takes place in Taiwan's second largest city Kaohsiung, is scheduled to show "Ten Conditions of Love" on World Uighur Congress leader Kadeer in October.
Monday, August 31, 2009
There's still plenty of room for innovation today, yet the openness fostering it may be eroding. While the Internet is more widely available and faster than ever, artificial barriers threaten to constrict its growth. Call it a mid-life crisis. A variety of factors are to blame. Spam and hacking attacks force network operators to erect security firewalls.
"There is more freedom for the typical Internet user to play, to communicate, to shop more opportunities than ever before," said Jonathan Zittrain, a law professor and co-founder of Harvard's Berkman Center for Internet & Society. "On the worrisome side, there are some longer-term trends that are making it much more possible (for information) to be controlled."
Friday, August 28, 2009
A software developer, a U.K.-based search optimization specialist, Slater recommended that, until Twitter patches the vulnerability, users should stop following any Twitterers they don't personally know or trust. "Who's to say they're not already stealing your details? If you don't see their tweets, they can't harm you,"
Wednesday, August 26, 2009
Fans searching for "Jessica Biel" or "Jessica Biel downloads," "Jessica Biel wallpaper," "Jessica Biel screen savers," "Jessica Biel photos," and "Jessica Biel videos" have a one in five chance of landing at a Web site that has tested positive for online threats such as spyware, adware, spam, phishing, viruses and other malware. McAfee's conclusion: Searching for the latest celebrity news and downloads can cause serious damage to personal computers.
"Consumers' obsession with celebrity news and culture is harmless in theory, but one bad download can cause a lot of damage to a computer."
Internet criminals might be rethinking a favorite scam for stealing people's personal information. A report being released Wednesday by IBM Corp. shows a big drop in the volume of "phishing" e-mails, in which fraud artists send what looks like a legitimate message from a bank or some other company. If the recipients click on a link in a phishing e-mail, they land on a rogue Web site that captures their passwords, account numbers or any other information they might enter.
To protect yourself against phishing, access sensitive sites on your own, rather than by following links in e-mails, which might lead to phishing sites.
Monday, August 24, 2009
Albert Gonzalez, the man described by federal authorities as the kingpin of a gang responsible for stealing more than 130 million payment cards, is a computer addict constantly looking for ways to challenge his abilities, according to his lawyer. He has had an unhealthy obsession with computers since the age of 8. "He was self-taught, He didn't go out in the sandbox or play baseball. The computer was his best friend."
"It wasn't healthy. It's a sickness. It's a problem that has not been addressed in our society."
Wednesday, August 19, 2009
US prosecutors have charged a man with stealing data relating to 130 million credit and debit cards. Officials say it is the biggest case of identity theft in American history.
They say Albert Gonzalez, 28, and two un-named Russian co-conspirators hacked into the payment systems of retailers, including the 7-Eleven chain. Prosecutors say they aimed to sell the data on. If convicted, Mr Gonzalez faces up to 20 years in jail for wire fraud and five years for conspiracy.
Tuesday, August 18, 2009
The cyberattacks against Georgia a year ago were conducted in close connection with Russian criminal gangs, and the attackers likely were tipped off about Russia's intent to invade the country, according to a new technical analysis, much of which remains secret. The stunning conclusions come from the U.S. Cyber Consequences Unit, an independent nonprofit research institute that assesses the impact of cyber attacks.
Bombers struck targets throughout the country, and at the same time Georgian media and government sites fell under DDOS attack.
A new hacking incident report warns there has been a steep rise in attacks at social-networking hotspots including wildly popular microblogging service Twitter. Hackers aren't just hunting for victims in the flocks of people at social networks, they're also using Twitter to command "botnet" armies of infected computers, according to Internet security specialists.
"A lot of Web 2.0 widgets, mashups and the like that users go for make it easy for all these guys to launch attacks." Facebook became an Internet star after opening its platform to widgets, mini-applications made by outside developers, and now boasts more than 250 million members.
Monday, August 17, 2009
A researcher looking into the attacks that knocked Twitter offline last week discovered another, unrelated security problem. At least one criminal was using a Twitter account to control a network of a couple hundred infected personal computers, mostly in Brazil.
Networks of infected PCs are referred to as "botnets" and are responsible for so much of the mayhem online, from identity theft to spamming to the types of attacks that crippled Twitter. A Twitter account that was used to send out what looked like garbled messages. But they were actually commands for computers in a botnet to visit malicious Web sites, where they download programs that steal banking passwords.
Thursday, August 13, 2009
The investigation into the attacks against high-profile Web sites in South Korea and the U.S. is a winding, twisty electronic goose chase that may not result in a definitive conclusion on the identity of the attackers.
Computer security experts disagree over the skill level of the DDOS (distributed denial-of-service) attacks, which over the course of a few days in early July caused problems for some of the Web sites targeted, including South Korean banks, U.S. government agencies and media outlets. The DDOS attack was executed by a botnet, or a group of computers infected with malicious software controlled by a hacker. That malware was programmed to attack the Web sites by bombarding them with page requests that far exceed normal visitor traffic. As a result, some of the weaker sites buckled.
Fraudsters are taking advantage of the widely used but obscure Automated Clearing House (ACH) Network in order to pull off their attacks. This financial network is used by financial institutions to handle direct deposits, checks, bill payments and cash transfers between businesses and individuals.
The fraud typically starts with a targeted phishing e-mail, aimed at whomever is in charge of the company's checkbook. By tricking the victim into running software, opening a harmful attachment or visiting a malicious Web site, the criminals are able to install keylogging software and steal bank account passwords.
Tuesday, August 11, 2009
The outage that knocked Twitter offline for hours was traced to an attack on a lone blogger in the former Soviet republic of Georgia - but the collateral damage that left millions around the world tweetless showed just how much havoc an isolated cyberdispute can cause.
"It told us how quickly many people really took Twitter into their hearts," Robert Thompson, director of the Center for the Study of Popular Television at Syracuse University, said Friday. Tens of millions of people have come to rely on social media to express their innermost thoughts and to keep up with world news and celebrity gossip. Twitter "is one of those little amusements that infiltrated the mass behavior in some significant ways, so that when it went away, a lot of people really noticed it and missed it."
A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious "rogue" antivirus products.
"This is maybe one of the top European centers of crap," he said in an e-mail interview. Real Host was considered a "bullet proof" hosting provider, that would allow customers to remain online even after they had been linked to malicious activity.
Monday, August 10, 2009
The distributed denial-of-service (DDOS) attacks that knocked out Twitter for hours and affected other sites like Facebook, Google's Blogger, and LiveJournal on Thursday continued all day Friday and may persist throughout the weekend. In its latest update, posted to a discussion forum of its third-party developers at 11 p.m. U.S. Eastern Time on Friday, Twitter reports it's still fighting the attacks.
"The DDoS attack is still ongoing, and the intensity has not decreased at all," wrote Chad Etzel, from Twitter's application development platform support team.
Friday, August 07, 2009
One of Israel's main political parties has shut down its website following an attack by Palestinian hackers, according to reports. Attackers on the official Kadima website posted images of wounded Palestinians and the aftermath of suicide bombings in Israel.
Slogans in both Hebrew and Arabic were also placed on the site, including threats to party leader Tzipi Livni. Kadima, a centrist political party that favours a two-state solution to the Middle East conflict, is the largest party in the Israeli parliament.
Micro-blogging service Twitter and social networking site Facebook have been severely disrupted by hackers. Twitter was taken offline for more than two hours whilst Facebook's service was "degraded", according to the firms.
The popular sites were subject to so-called denial-of-service attacks on Thursday, the companies believe. Denial-of-service (DOS) attacks take various forms but often involve a company's servers being flooded with data in an effort to disable them.
Monday, August 03, 2009
Chinese hackers crashed the website of Australia's biggest film festival, organisers said on Saturday, escalating tensions over a visit here by the exiled leader of the Uighur minority. Online bookings for the Melbourne International Film Festival had to be shut down after the site was bombarded with phony purchases which resulted in the entire program being sold out, said festival spokeswoman Asha Holmes.
A Chinese citizen living in the United States had alerted organisers to the viral campaign, which originated from a website in China titled "A Call to Action to All Chinese People", said Holmes.
A powerful new type of Internet attack works like a telephone tap, except operates between computers and Web sites they trust.
Hackers at the Black Hat and DefCon security conferences have revealed a serious flaw in the way Web browsers weed out untrustworthy sites and block anybody from seeing them. If a criminal infiltrates a network, he can set up a secret eavesdropping post and capture credit card numbers, passwords and other sensitive data flowing between computers on that network and sites their browsers have deemed safe.
Thursday, July 30, 2009
Facebook, MySpace and other social networking sites are inceasingly being targeted by cyber-criminals drawn to the wealth of personal information supplied by users, experts warn. Data posted on the sites -- name, date of birth, address, job details, email and phone numbers -- is a windfall for hackers, participants at Campus Party, one of the world's biggest gatherings of Internet enthusiasts, said.
A vicious virus Koobface -- "koob" being "book" in reverse -- has affected thousands Facebook and Twitter users since August 2008, said Asier Martinez, a security specialist at global IT solutions provider Panda Security.
Microsoft released a security patch on Tuesday aimed at preventing hackers from exploiting a vulnerability in its Web browser, Internet Explorer.
The US software giant said that the security update would be automatically installed for Internet Explorer users who have automatic updating enabled on their computers but would need to be installed manually by other users. "These vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer," Microsoft said.
Tuesday, July 28, 2009
Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."
The U.S. Cyber Challenge initiative will bring together three cybersecurity competitions for high school or college students and launch new in-person competitions, said Alan Paller, research director at the SANS Institute, a cybersecurity training organization. The organizers of the U.S. Cyber Challenge also plan to offer scholarships to promising students and hook them up with internships and jobs, Paller said.
Friday, July 24, 2009
The news report begins with shots of a tense space shuttle launch. Engineers hunch over computer banks and techno music pounds in the background. There is a countdown, a lift-off, and then you see a young man in a black T-shirt and sunglasses, apparently reporting from space.
This is the Hacker News Network, and after a decade offline it is lifting off again, this time with a quirky brand of video reports about security. They're the guys who famously told the U.S. Congress that they could take down the Internet in about 30 minutes, and who helped invent the way that security bugs are reported to computer companies.
Thursday, July 23, 2009
Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.
The study describes a fragmented federal cyber force, where no one is in charge of overall planning and government agencies are "on their own and sometimes working at cross purposes or in competition with one another." The report, scheduled to be released Wednesday, arrives in the wake of a series of cyberattacks this month that shut down some U.S. and South Korean government and financial Web sites.
Hackers will soon gain a powerful new tool for breaking into Oracle Corp's (ORCL.O) database, the top-selling business software used by companies to store electronic information.
Security experts have developed an easy-to-use, automated software tool that can remotely break into Oracle databases over the Internet to simulate attacks on computer systems, but cybercrooks can use it for hacking. The tool's authors created it through a controversial open-source software project known as Metasploit, which releases its free software over the Web.
Wednesday, July 22, 2009
The popularity of Facebook and other popular social networking sites has given hackers new ways to steal both money and information, the security company Sophos said in a report released on Wednesday.
About half of all companies block some or all access to social networks because of concerns about cyber incursions via the sites, according to the study. "Research findings also revealed that 63 percent of system administrators worry that employees share too much personal information via their social networking sites, putting their corporate infrastructure -- and the sensitive data stored on it -- at risk," the Sophos report said.
Friday, July 17, 2009
The U.K. was the likely source of a series of attacks last week that took down popular Web sites in the U.S. and South Korea, according to an analysis performed by a Vietnamese computer security analyst. The address is registered to Global Digital Broadcast in the U.K. "Having located the attacking source in U.K., we believed that it is completely possible to find out the hacker," Nguyen wrote.
The results contradict assertions made by some in the U.S. and South Korean governments that North Korea was behind the attack. Security analysts had been skeptical of the claims, which were reportedly made in off-the-record briefings and for which proof was never delivered.
Thursday, July 16, 2009
As such, Facebook is quickly becoming a hotbed of activity for all kinds of malware and financial scams. With 200 million registered users, Facebook represents an ocean of fish which are all accessible in one convenient place. It helps that many Facebook users are relatively unsophisticated at the web and especially the complex security issues surrounding it, and are thus more susceptible to attacks delivered via the social network.
Facebook says it's doing its part to fight the problem, but it can't monitor every bit that passes through its servers. Less than 1 percent of its users have been victimized over the last five years, it says. That sounds good, until you realize that could be up to 2 million people, hardly a drop in the bucket.
A British hacker who has been fighting extradition to the United States for seven years today made an eleventh-hour appeal to a British court to be tried in the U.K. instead of in a U.S. federal court.
Gary McKinnon, 43, has admitted that in 2001 he broke into U.S. Department of Defense, NASA and U.S. Army computer systems. However, McKinnon has been using a series of legal maneuvers and appeals to fight extradition to the U.S. since he was indicted in November 2002 in the U.S. District Court for the Eastern District of Virginia on charges related to the computer hacks.
Wednesday, July 15, 2009
Microsoft Corp warned that cybercriminals have attacked users of its Office software for Windows PCs, exploiting a programing flaw that the software giant has yet to repair. The world's largest software maker issued the warning on Tuesday as it released patches to address nine other security holes in its software.
Cybercriminals target Microsoft programs because they are so widely used, allowing them to go after the largest number of potential victims with one set of code. (Windows runs more than 90 percent of the world's PCs. Office has some 500 million users).
The number of botnets and of computers controlled by them in China has fallen in recent years, though the country remains a top host for the networks of compromised computers, according to the government and independent researchers.
Over 1.2 million computers in China were newly infected with software that enabled their control by a botnet last year, about one-third the figure for the previous year, according to a report published late last month by China's National Computer Network Emergency Response Technical Team (CNCERT). That followed an equally steep fall from 2006, when the team estimated there were 10 million new infections in China.
Tuesday, July 14, 2009
Cyber criminals are aping executives when it comes to sales, marketing and risk management in the world of online treachery, according to a report released by networking giant Cisco.
"A lot of techniques they are using today are not new; it is really about how they may be doing some of the same old things," said Cisco chief security researcher Patrick Peterson.
Criminals have taken to sending blanket text messages to numbers based on area codes of local banks directing people to call into a service center to address supposed concerns about their accounts.
The police are to examine claims that a huge mobile phone hacking operation was launched by the News of the World, targeting thousands of people. The Guardian says the Sunday paper's reporters paid private investigators to hack into phones, many of them owned by politicians and celebrities. It is alleged details were suppressed by the police and the High Court.
Prime Minister Gordon Brown said: "This raises questions that are serious and will obviously have to be answered." Metropolitan Police Commissioner Sir Paul Stephenson has ordered a senior officer to "establish the facts".
Monday, July 13, 2009
South Korean police said they have arrested a hacker for staging cyber attacks similar to those that crippled domestic and US websites this week.
The 39-year-old identified only as Choi is accused of paralysing the homepage of the government Game Rating Board by using a distributed denial-of-service (DDoS) method.
Choi was an agent for software developers seeking approval from the board for new games. Because he failed to finish one job on time, he crashed the site to create an excuse for his tardiness. Choi is accused of buying a hacking programme from an ethnic Korean in China.
Friday, July 10, 2009
Computer security experts were divided Thursday on whether North Korea was behind the ongoing attacks on US and South Korean websites, an assault that highlighted the vulnerabilities of the Web.
The so-called distributed denial of service (DDoS) attack used an army of malware-infected computers known as a "botnet" in a bid to paralyze US and South Korean websites by overwhelming them with traffic.
Around a dozen websites in the United States, including those of the White House, State Department and Pentagon, and another dozen in South Korea were among those targeted in the attack which began on Sunday.
Thursday, July 09, 2009
A denial of service attack that took down some of South Korea's highest profile Web sites on Wednesday is set to resume Thursday evening, according to computer security specialist AhnLab. The attack will restart at 6pm local time (9am GMT) and be directed at a smaller number of sites that those hit a day earlier. They will include government Web sites and the home pages of the Chosun Ilbo newspaper and Kookmin Bank.
A denial of service attack involves sending a massive volume of traffic to a Web site so that it becomes overloaded. While some users will occasionally be able to access the site being attacked most will see nothing until a network time-out message appears.
A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.
The attack started Saturday, and security experts have credited it with knocking the U.S. Federal Trade Commission's (FTC's) Web site offline for parts of Monday and Tuesday. Several other government Web sites have also been targeted, including the U.S. Department of Transportation (DOT).
Wednesday, July 08, 2009
A series of cyber-attacks that targeted and paralyzed government networks and leading portal servers Tuesday and Wednesday are raising concerns that the world's self-proclaimed Internet powerhouse is prone to hacking and other cyber security threats.
The prosecution and police launched an investigation Wednesday to track the origin of hackers who hijacked a dozen local Internet sites, including those run by Cheong Wa Dae, the National Assembly, the Ministry of National Defense and top Web portal Naver, from Tuesday evening to Wednesday morning.
(Source: The Korea Times)
The Korea Times
Wednesday, July 01, 2009
A blind Boston-area teenager was sentenced to more than 11 years in prison Friday for hacking into the telephone network and harassing the Verizon investigator who was building a case against him.
Matthew Weigman, 19, was part of a group of telephone hackers that met up on telephone party lines and was associated with more than 60 "swatting" calls to 911 numbers across the country. Weigman, known as "Little Hacker," became involved in telephone hacking around age 14 and continued to operate until last year.
Tuesday, June 30, 2009
Within hours of the death of pop star Michael Jackson, spam trading on his demise hit in-boxes, a security firm said as it warned that more junk mail was in the offing. Just eight hours after news broke about Jackson, Abingdon, England-based Sophos PLC started tracking the first wave of Jackson spam, which used a subject line of "Confidential -- Michael Jackson."
The spam wasn't pitching a product or leading users to a phishing or malware Web site. Instead it was trying to dupe users into replying to the message in order to collect e-mail addresses and verify them as legitimate.
Friday, June 26, 2009
Britain warned on Thursday of a growing risk to military and business secrets from computer spies and pledged to toughen cyber security to protect the 50 billion pounds ($82 billion) spent a year online in its economy.
Launching Britain's first national cyber security strategy, security minister Alan West said hostile states and criminals were increasingly attacking British interests online and al Qaeda and like-minded groups were seeking the ability to do so.
"We know that various state actors are very interested in cyber warfare," West, a junior minister at the Home Office (Interior Ministry), told reporters. "The terrorist aspect of this is the least (concern), but it is developing."
Thursday, June 25, 2009
Recently scammers have become more aggressive on the site. They will set up new accounts and post spam messages on hot topics in hopes of gaining clicks when people search through Twitter.
And while hacked Twitter accounts are still rare, they're a much more effective way to reach victims, according to Rik Ferguson, a researcher with Trend Micro. "If you can take over an account that has a couple of thousand followers then you can get a much better return on your investment."
Wednesday, June 24, 2009
The US military announced a new "cyber command" designed to wage digital warfare and to bolster defenses against mounting threats to its computer networks. The move reflects a shift in military strategy with "cyber dominance" now part of US war doctrine and comes amid growing alarm over the perceived threat posed by digital espionage coming from China, Russia and elsewhere.
President Barack Obama has put a top priority on cyber security and announced plans for a national cyber defense coordinator. A recent White House policy review said that "cybersecurity risks pose some of the most serious economic and national security challenges of the 21st century." Obama has promised privacy rights would be carefully safeguarded even as the government moves to step up efforts to protect sensitive civilian and military networks.
Tuesday, June 16, 2009
A federal grand jury in New Jersey today indicted three people, and five people were arrested in Italy, all in connection with hacking into the IT systems of thousands of companies around the world to gain free access to telephone services, according to the U.S. Attorney's Office in Newark, N.J.
A multinational team of investigators worked jointly to round up the alleged hackers and their financial backers in the scheme to gain access into the systems of many companies -- 2,500 in the U.S. alone -- to steal access codes that the victim companies used to route phone calls through telecom systems, the office said.
The value of all the stolen services was unclear, though the U.S. Attorney's Office said the thieves routed more than $55 million worth of telephone calls over telecommunications networks in the U.S. "This was an extensive and well-organized criminal network that worked across continents," said New Jersey's acting U.S. attorney, Ralph J. Marra Jr., in a statement.
Monday, June 15, 2009
While most viruses target PC users, there has been rise in the number of attacks on Mac systems. Graham Cluley, a security expert with anti-virus firm Sophos, told the BBC that the small number of Mac viruses had made some users complacent.
Security experts have discovered two novel forms of Mac OS X malware. OSX/Tored-A - an updated version of the Mac OS Tored worm - and a Trojan called OSX/Jahlav-C were both found on popular pornographic websites. Users logging on to these sites are asked to download a "missing Video ActiveX Object" but are sent a virus payload instead.
Wednesday, June 10, 2009
The takedown last week of a rogue ISP by the U.S. Federal Trade Commission (FTC) slashed spam volumes by about 15% and reduced the spam spewed by a pair of big-name botnets by as much as to just 64%, a security firm said today.
"Spam dropped 15% across the board," said Bradley Anstis, director of technology strategy at Marshal8e6. "We especially noticed [the drop] over the weekend," he said, adding that the decline picked up steam slowly.
Last Tuesday, a federal court ordered the plug pulled on 3FN, an ISP operated by Belize-based Pricewert, after the FTC complained that the company hosts spam botnet command-and-control servers, as well as sites operated by child pornographers, identity thieves and other criminals.
Tuesday, June 09, 2009
A Hampton, New Hampshire, man has pleaded guilty to fraud charges for his role in a scheme to empty brokerage accounts by installing malicious Trojan horse software on victims' computers.
According to court documents, Alexey Mineev set up several "drop accounts" that were then wired funds stolen from banking and brokerage accounts between July and December 2007. He pleaded guilty to one count of money laundering on Wednesday, according to Mike Ruocco, deputy to Judge Paul Gardephe of the U.S. District Court for the Southern District of New York, who is presiding in the case.
The criminals would infect PCs with malicious Trojan software that would steal account numbers and passwords whenever victims logged into their accounts online.
Wednesday, June 03, 2009
As many as 40,000 Web sites have been hacked to redirect unwitting victims to another Web site that tries to infect PCs with malicious software, according to security vendor Websense.
Those Web sites have likely been hacked via a SQL injection attack, in which improperly configured Web applications accept malicious data and get hacked, Leonard said.
Friday, May 22, 2009
China has targeted cybercrime in three new sets of regulations issued this month as the activity starts to look like an established industry in the country.
Cybercrime in China has grown such that attackers often divide the labor needed to design malware, distribute it and turn the resulting access to remote PCs into monetary gain, security analysts say.
Over 1.2 million computers in China in 2008 were infected by software that let an attacker control them as part of a botnet, according to the Ministry of Industry and Information Technology (MIIT).
(Source : PCWorld)
Monday, April 27, 2009
At the recent RSA Conference 2009 in San Francisco, United States, McAfee CEO DeWalt called for a global security architecture.
"Security threats are on the rise as the economy declines, and the solution will likely come from collaborative partnerships that span all IT platforms and international boundaries." "DeWalt painted a grim picture of the security landscape. Consumer confidence has gone down while unemployment and has risen, he said. And as the economy has gone into a tailspin, cybercrime has seen a sharp upward spike, with more malware detected in 2008 than in the previous five years combined. Last year, 80 percent of cybercrimes were financially motivated, he added."
"Many organizations are vastly underprotected or fail to regularly update patches and security software, which have opened up copious threat vectors for attackers, DeWalt said. In addition, the explosion of malicious threats in the last year can also be attributed to lack of user education and best security practices, as well as lack of comprehensive security." "One of the solutions, DeWalt proposed, would be to build comprehensive security architecture across numerous IT platforms that would be able to interoperate with companies' existing network infrastructure. That architecture would ultimately allow organizations to create correlating reports for every department and system, while allowing greater overall visibility into their organization's network, DeWalt said." "Cross-platform collaboration provides IT administrators a panoramic view into their network and allows communication across the threat vectors to shore up otherwise unseen security holes." "That same type of collaborative architecture will ultimately be required to extend across international borders and throughout global networks as the threats continue to become more sophisticated and the attacks more prevalent, DeWalt said. "The most depressing part of this is that we do not have a global architecture in place," he said. "We need to work together. Undoubtedly, (attacks) will continue to increase."
Read the full story on ChannelWeb.
Friday, April 24, 2009
A new report of the mobile industry shows that some progress has been made by the 26 mobile operators signed up to the "European Framework for Safer Mobile Use by Younger Teenagers and Children brokered by the Commission in February 2007 (IP/07/139). These operators serve around 580 million customers, 96% of all EU mobile customers. "The new report of the mobile phone industry association shows that mobile operators have started to take seriously their responsibilities to keep children safe when using phones," said EU Telecoms Commissioner Viviane Reding.
50% of 10 year-old, 87% of 13 year-old and 95% of 16 year-old children in the EU have a mobile phone, but half of European parents worry mobile phone use might expose their children to sexually and violently explicit images (51%) or bullying by other children (49%), according to a survey. The European Commission today called on mobile operators to do more to keep children safe while using mobile phones by putting in place all the measures in the voluntary code of conduct, signed by 26 mobile operators in 2007. The report published by the GSM Association, the trade body of the mobile phone industry, showed that national self-regulatory codes based on the framework agreement brokered by the European Commission now exist in 22 Member States, 90% of them in line with the 2007 agreement, and 80% of operators have put in place measures to control child access to adult content.
Read the full EC press release from 20 April 2009 here.
More information on the GSMA report onimplementation of the framework agreement on "Safer Mobile Use by Younger Teenagers and Children" can be found here.
Friday, April 17, 2009
The British Computer Society (BCS)'s website shares information and advice on how to stay safe while shopping online in a set of "Golden Rules" compiled by Global Secure Systems (GSS).
The twelve golden rules to safely shopping online include the below (detailed information available on the BCS website):
- Most malware exploits are known problems with software and operating systems. The hacker, or code writer, is relying upon people being lazy and not keeping systems up to date. For this reason it is very important to keep your anti-virus product up to date with the latest signature files and operating system updates from Microsoft.
- Never go online without ensuring you have your personal firewall enabled.
- Don't ever select the remember my password option when registering online as your passwords are then stored on the PC, often in plain text, and are the first thing that a fraudster will target. Some
- Ensure that your credit cards are registered with your card provider's online security services such as Verified by Visa and MasterCard SecureCode.
- Use only one card for online shopping, maintaining a limit on the card as low as possible or even using a top-up card for your online purchasing.
- Be sure to use a credit card and not a debit card.
- Be sure to check your statements regularly, and if there is any sign of irregular activity, report it straight away.
- Always check for the little padlock at the bottom right hand corner of the browser (when using Internet Explorer) before entering your card details.
- Never shop from sites that you arrive at from clicking links in unsolicited marketing emails (spam).
- It is important to remember that you could be doing everything right, but that the vendor may do something wrong. A vendor may well be storing all your credit card data on a single server.
- Finally, don't rely on previous customer's testimonials - they are part of the organisation's marketing and not necessarily factual. The golden rule of commerce is still the same as it ever was - if the offer looks too good to be true, it probably is!
The full set of "Golden Rules to Safe Internet Shopping" can be found here.
For more information see the British Computer Society (BCS) and Global Secure Systems (GSS) websites.
Friday, April 10, 2009
ITU is pleased to announce the launch of its 2009 Cybersecurity and ICT Applications Essay Competition.
The 2009 ITU Cybersecurity and ICT Applications Essay Competition is open to current students and recent graduates in economics, political science, law, literature, telecommunications, computer science, information systems and related fields between the ages of 20 and 30 years old. The winners of the 2009 Essay Competition will be offered the opportunity of a consultancy contract within the ITU Development Sector's ICT Applications and Cybersecurity Division for three months. The winners will be given a contribution towards the cost of an economy class flight from their place of residence. In addition, they will be paid the sum of CHF 6000 towards living expenses for the duration of the contract.
To enter the competition you need to submit an essay on one of the following essay topics:
- Mobiles for Development: Enabling Low-Cost e-Applications for Rural and Remote Areas (e-Health, e-Government, e-Environment)
- Protecting Children and Youth in the Internet and Mobile Age: Innovative Technical and Social Solutions
- Connecting the World Responsibly: Empowering Women and Girls Through Creative Uses of ICTs
- Personal Information Online (internet/mobiles): Responding to User Safety Concerns
All applications should be submitted online through the competition website.
The deadline for applications is 14 June 2009.
We look forward to reviewing your applications and wish you the best of luck in the competition!
Thursday, February 26, 2009
The Anti]Phishing Working Group (APWG) and IPC has released a new idustry advisory document titled: "What to do if your site has been hacked by phishers". The purpose of the document is to provide website owners with specific actions they can take when they have been notified that their website or webserver has been infiltrated and used for phishing.
The document notes that "Some phishers use compromised computers to host malicious or illegal activities, including identity theft, fraudulent financial activities, as well as collecting personal information and business identities from their victims for future use. Others attack or 'hack' into and gain administrative control over the legitimate web sites of businesses and organizations of all sizes. Such hacked web sites disguise the bad acts the phishers perform. More importantly, web site hackers are fully aware that the web sites they hack and 'own' are reputably legitimate."
"Law enforcement and anti]phishing responders respect and operate under established business, technical, and legal constraints when they seek to remedy or take down hacked web sites. These measures protect legitimate web site operators but unfortunately serve the attacker as well by extending the duration of the attack. The Anti]Phishing Working Group (APWG) offers this document as a reference guide for any web site owner or operator who suspects, discovers, or receives notification that its web site is being used to host a phishing site. The document explains important incident response measures to take in the areas of identification, notification, containment, recovery, restoration, and follow]up when an attack is suspected or confirmed. This document serves a guideline for web site owners."
See the full APWG "What to do if your site has been hacked by phishers" Industry Advisory here.
Wednesday, February 11, 2009
According to a article in the Indian Hindustan Times, "Indian diplomats now cannot open a Facebook account, use external e-mail services, or write blogs, thanks to new rules and much stricter firewalls aimed at preventing cyber attacks and leakage of classified information. Over the past eight months, the Indian Ministry of External Affairs has been overhauling its computer network security, putting up layers of barriers against intrusions into the network, officials associated with cyber security said. There are almost 600 computers at its headquarters at South Block, about half of which are connected to the Internet. Classified work is typically done on stand-alone computers, usually with the external drives removed. "We have set up a unified threat management system for the ministry. This simultaneously uses eight levels of protection like firewalls and spam mail filtering," said a senior official.
"We are also requesting and encouraging more responsible behaviour from our staff when working online," the official told IANS, requesting anonymity. A circular issued last week asked officials not to log on to social networking sites, specifically citing Facebook, Orkut and Ibibo as examples. The other prohibited practices include download of peer-to-peer music using sites like Kazaa and sharing of photos through Flickr and Picasa. The circular also discourages using services like G-mail, Yahoo! or Hotmail for official communication. A similar circular, officials said, had been issued in the Prime Minister's Office in December. But the matter is even more critical for the foreign office as officials posted in Indian missions abroad or on foreign tours tend to use web-based mail rather than the ministry's own mail system. "We have had cases of senior officers using G-mail or other similar accounts abroad for official work, only to find some form of tampering when they return," the official said, adding people have been told to change their web-mail passwords if they had opened the account during foreign tours. The missions have been told to use their official mail ID issued by the National Informatics Centre for communication. But several missions have complained that the mail home page was inaccessible due to port blocks by local Internet service providers. They have been asked to contact their service providers to unblock the site. "We want to secure communications with Indian missions through private networks. This may be implemented in the next few months," said an official working with the technical team in the ministry.
Read the full article here.
Tuesday, February 10, 2009
Press release issued simultaneously by ITU and European Commission.
Geneva, 10 February 2009 ITU and the European Commission have joined forces to mark Safer Internet Day. This year, the focus is on protecting children online.
Children are among the most active and most vulnerable participants online. According to recent surveys, over 60 per cent of children and teenagers talk in chat rooms on a daily basis. Three in four children online are willing to share personal information about themselves and their family in exchange for goods and services. One in five children will be targeted by a predator or paedophile each year. Protecting children in cyberspace is, therefore, clearly our duty.
"Children are very resourceful in making the most of online services such as social networking sites and mobile phones," said Viviane Reding, European Commissioner for Information Society and Media. "But many still underestimate the hidden risks of using these, from cyber-bullying to sexual grooming online. Today, I call upon all decision-makers, from both the public and the private sector, to listen and learn from children and to improve awareness strategies and tools to protect minors." Ms Reding added: "The Internet binds the whole world together. The safety of children who use it is a concern for everyone. I am therefore very happy that ITU is associated with us in doing this, today on Safer Internet Day, and all year round."
"Child online safety must be on the global agenda," said ITU Secretary-General Hamadoun Touré. "We must ensure that everyone is aware of the dangers for children online. And we want to promote and strengthen the many outstanding efforts that are being made around the world, such as the Safer Internet Programme, to limit these dangers." This year, the 6th edition of Safer Internet Day includes more than 500 events in 50 countries worldwide. ITU and the European Commission will collaborate on this and future events, such as World Telecommunication and Information Society Day, 17 May 2009, which is dedicated to "Protecting Children in Cyberspace". The European Commissions Directorate General for Information Society and Media has declared its full support for ITUs Child Online Protection (COP) Initiative. The ECs Ins@fe Network will launch a Safer Internet Day virtual exhibition which will host pavilions where visitors can learn more about initiatives undertaken by the 50 participating countries. ITU will host an online pavilion in support of ECs efforts to raise awareness among youngsters aged 12 to 17 regarding the risks they may face online.
ITU and Child Online Protection (COP)
ITUs motto is "committed to connecting the world", but we are also committed to connecting the world responsibly. That means working together to ensure cybersecurity, enable cyberpeace, and more importantly protect children online. While child online protection programmes exist in many developed countries, there are very few in the developing world today and very little coordination between them. ITU established the Global Cybersecurity Agenda (GCA) and launched the Child Online Protection (COP) initiative. COP aims to bring together partners from all sectors of the global community to ensure a safe and secure online experience for children everywhere.
See the press release here.
Friday, January 23, 2009
NYTimes writes that "A new digital plague has hit the Internet, infecting millions of personal and business computers in what seems to be the first step of a multistage attack. The worlds leading computer security experts do not yet know who programmed the infection, or what the next stage will be. In recent weeks a worm, a malicious software program, has swept through corporate, educational and public computer networks around the world."
"Known as Conficker or Downadup, it is spread by a recently discovered Microsoft Windows vulnerability, by guessing network passwords and by hand-carried consumer gadgets like USB keys. Experts say it is the worst infection since the Slammer worm exploded through the Internet in January 2003, and it may have infected as many as nine million personal computers around the world."
This article was accessed through Dave Farber's list.
See the full article in NYTimes here.
Saturday, November 01, 2008
The ITU Regional Cybersecurity Forum for Europe and the Commonwealth of Independent States (CIS) was held in Sofia, Bulgaria from 7 to 9 October 2008.
The forum, which was hosted by the State Agency for Information Technology and Communications (SAITC) of the Republic of Bulgaria, aimed to identify some of the main challenges faced by countries in Europe and CIS in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on cybersecurity development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders.
Approximately 130 people from 25 countries participated in the event from Europe and CIS, as well as from other parts of the world. Simultaneous interpretation in Russian and English was provided for the participants throughout the forum. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Europe and CIS, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings reached at the event.
See the website for further information.
Monday, September 01, 2008
The ITU Regional Cybersecurity Forum for Eastern and Southern Africa was held in Lusaka, Zambia from 25 to 28 August 2008.
The forum, which was hosted by the Communications Authority of Zambia and the Government of Zambia, and jointly organized by ITU and COMESA, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders.
Approximately 60 people from 21 countries and 4 regional organizations participated in the event. Among the participants were professionals from governments, regulatory authorities, private sector, and civil society. Full documentation of the event, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the four days of the ITU Regional Cybersecurity Forum for Eastern and Southern Africa, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The third day of the ITU Regional Cybersecurity Forum, 27 August 2008, was dedicated to specific working sessions on developing national and regional cybersecurity/CIIP capacity through three working groups. The working groups focused on 1) developing a national cybersecurity strategy, 2) legislation and enforcement and, 3) watch, warning, and incident response. In addition to the overall forum recommendations, specific recommendations and suggestions were developed by the three ad hoc working groups: Working Group 1: Regional Approach for the Development of a National Cybersecurity Strategy; Working Group 2: Legal Foundation and Enforcement; and Working Group 3: Watch, Warning, and Incident Response.
See the event website for more information.
Friday, August 01, 2008
The ITU Regional Cybersecurity Forum for Asia-Pacific, and related Seminar on the Economics of Cybersecurity was held in Brisbane, Australia, 15-18 July 2008.
The regional cybersecurity forum, which was hosted by the Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, aimed to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. The forum also considered initiatives on the regional and international level to increase cooperation and coordination amongst the different stakeholders. The forum, one in a series of regional cybersecurity events organized by the ITU Development Sector (ITU-D), was held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity.
Approximately 90 people from 27 countries participated in the event, from the Asia-Pacific region, the Pacific Islands, as well as from other parts of the world. Full documentation of the forum, including the final agenda and all presentations made, is available on the event website. The meeting report available on the event website summarizes the discussions throughout the three days of the ITU Regional Cybersecurity Forum for Asia-Pacific, provides a high-level overview of the sessions and speaker presentations, and presents some of the common understandings and positions reached at the event.
The day prior to the start of the ITU Regional Cybersecurity Forum for Asia-Pacific, 15 July 2008, was dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity. Throughout the seminar the participants learned about the pervasive incentives and the new revenue streams that are created from malware and spam, how they enable legitimate business models (e.g., anti-virus and anti-spam products, infrastructure, and bandwidth) as well as fraudulent and criminal ones (e.g., renting out of botnets, bullet proof hosting, commissions on spam-induced sales, pump and dump stock schemes). Distinguished experts in this area explained how malware and spam create mixed and sometimes conflicting incentives for stakeholders, which complicate coherent responses to the problem. An ITU Study on the Financial Aspects of Network Security: Malware and Spam was presented and discussed at the event.
See the event website for more information.
Monday, May 19, 2008
The Federal Trade Commission has approved four new rule provisions under the Controlling the Assault of Non-Solicited Pornography and Marketing
Act of 2003 (CAN-SPAM), which aim to clarify the Acts requirements.
The new rule provisions address four topics: (1) an e-mail recipient cannot be required to pay a fee, provide information other than his or her e-mail address and opt-out preferences, or take any steps other than sending a reply e-mail message or visiting a single Internet Web page to opt out of receiving future e-mail from a sender; (2) the definition of sender was modified to make it easier to determine which of multiple parties advertising in a single e-mail message is responsible for complying with the Acts opt-out requirements; (3) a sender of commercial e-mail can include an accurately-registered post office box or private mailbox established under United States Postal Service regulations to satisfy the Acts requirement that a commercial e-mail display a valid physical postal address; and (4) a definition of the term person was added to clarify that CAN-SPAMs obligations are not limited to natural persons.
Continue reading the news release here.
BBC News recently reported the arrest of five hackers described as being among the most active on the internet. The hackers, who include two 16-year-olds, are accused of disrupting government websites in the United States, Asia and Latin America. Spanish police say the hackers co-ordinated attacks over the internet and hacked into 21,000 web pages over two years.
Read the full report here.
Monday, April 28, 2008
Read the full article here.
Tuesday, April 22, 2008
According to China's Computer Emergency Response Team (CN-CERT)'s 2007 annual report released last week, the greatest threat to the nation's portion of the internet are Trojan horse programs and bot software. Based on CN-CERT's findings, "the number of Chinese Internet addresses with one or more infected systems increased by a factor of 22 in 2007... [and] of 6.23 million bot-infected computers on the Internet, about 3.62 million are in China's address space." The report alse reveals that "domain name registration in the nation had almost tripled in the past year, attacks that tampered with legitimate Web sites grew 1.5 times, and malicious drive-by attacks jumped 2.6 times."
The report is currently only available in Chinese.
Read the full article here.
Monday, April 21, 2008
Six new standards enabling a more secure ICT environment have been approved by ITU. Experts say that the standards represent an important achievement reflecting the needs of business in establishing risk management strategies and the protection of consumers.
Three ITU-T Recommendations cover a definition of cybersecurity, a standardized way for vendors to supply security updates and guidelines on spyware. While the other three focus on countering the modern day plague of spam by providing a toolbox of technical measures to help consumers and service providers.
Recommendations on spam are a direct response to a call from the World Telecommunication Standardization Assembly (WTSA), the quadrennial event that defines study areas for ITU-T. Members asked that ITU-T define technical measures to tackle this plague of the digital world following growing global concern at additional costs and loss of revenue to Internet service providers, telecoms operators and business users.
Read the full news article on the ITU-T newslog.
Dan Kaminsky, director of Penetration Testing IOActive, Inc., gives a presentation on wildcard and NXDOMAIN redirection services. It discusses typosquatting, DNS ad injection, and provides several examples showing how these phishing trends work. Basically, it is quite possible for non-existent domains to be created validly on any random server, and to be near undetectable. Kaminsky concludes that "even small amounts of failed net neutrality can lead to catastrophic side effects on Internet security" and that "even if everything was 100% SSL, if the ISP could require code on the box, they could still bypass the crypto, and alter the content."
Access Dan Kaminsky's full presentation here.
On 15 November 2006, a Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions on fighting spam, spyware and malicious software had been released. "The Commission Communication on a Strategy for a secure Information Society aims at improving the security of network and information at large and invites the private sector to address vulnerabilities in network and information systems that can be exploited to spread spam and malicious software. The Commission Communication on the Review of the EU Regulatory Framework proposes new rules to strengthen security and privacy in the electronic communications sector." This
Communication deals with the evolution of spam, and threats such as spyware and malicious software. It also takes stock of efforts made so far to fight these threats and identifies further actions that can be taken, including strengthening Community law, law enforcement, cooperation within and between Member States, political and economic dialogue with third countries, industry initiatives, and R&D activities.
Among the proposed actions in this Communication are:
- Member States and competent authorities are called upon to lay down clear lines of responsibility for national agencies involved in fighting spam, ensure effective coordination between competent authorities, involve market players at national level, drawing on their expertise and available information, ensure that adequate resources are made available to enforcement efforts, and subscribe to international cooperation procedures and act on requests for cross border assistance.
- Companies are encouraged to ensure that the standard of information for the purchase of software applications is in accordance with data protection law, contractually prohibit illegal use of software in advertisements, monitor how advertisements reach consumers and follow up on malpractice, and e-mail service providers to apply a filtering policy which ensures compliance with the recommendation and guidance on e-mail filtering.
- The Commission aims to continue efforts in raising awareness and fostering cooperation between stakeholders. It also aims to continue to develop agreements with third countries including the issue of the fight against spam, spyware and malware, introduce new legislative proposals that strengthen the rules in the area of privacy and security in the communications sector, present a policy on cyber crime, involve ENISA expertise in security matters, and support research and development in its FP7 program.
With the accelerating development and spread of spam, spyware and malicious software, "the Commission is using its role as an intermediary to create greater awareness about the need for greater political commitment to fight these threats."
Read the full Communication here.
More on European Union Laws here.
Monday, March 17, 2008
The Washington Post's Security Fix features an article on vishing scams reporting three recent vishing attacks and how these attacks were done. According to the article, a series of well-orchestrated wireless phone-based phishing attacks against several financial institutions took place last week illustrating how scam artists are growing more adept at fleecing consumers by exploiting security holes in seemingly unrelated Internet technologies.
"The scams in this case took the form of a type of phishing known as "vishing," wherein cell-phone users receive a text message warning that their bank account has been closed due to suspicious activity, and that they need to call a provided phone number to reactivate the account. Victims who called the number reached an automated voice mail box that prompted callers to key in their credit card number, expiration date
and PIN to verify their information (the voice mail systems involved in these sorts of scams usually are run off of free or low-cost Internet-based phone networks that are difficult to trace and shut down)."
The article also pointed out the importance of installing the latest security updates on the Web servers as well as the use of non-obvious passwords to help mitigate these kinds of vishing attacks.
Read the full article on the Washington Post.
Friday, March 14, 2008
Thorsten Holz writes about Measuring and Detecting Fast-Flux Service Networks on the Honeyblog, a weblog that deals with IT-security related stuff, honeypots/honeynets, malware and bots/botnets. Findings on a lab project focusing on fast-flux service networks (FFSNs), a mechanism used by attackers to build an overlay network on top of compromised machines, were published in a paper at NDSS'08.
The paper presents the first empirical study of fast-flux service networks (FFSNs), a newly emerging and still not widely-known phenomenon in the Internet. "Through [their] measurements [they] show that the threat which FFSNs pose is significant: FFSNs occur on a worldwide scale and already host a substantial percentage of online scams. Based on analysis of the principles of FFSNs, [they] developed a metric with which FFSNs can be effectively detected. " Possible mitigation strategies are also discussed in the document.
Read the full paper here.
More about the paper on Honeyblog.
Thursday, March 13, 2008
On 11 March 2008, the Initiative for the Regional Integration of South American Infrastructure (IIRSA) and the Inter-American Communications Commission (CITEL) jointly organized at the Inter-American Development Bank (IDB) headquarters a workshop on International Roaming Services for Mobile Telecommunications, the first component of an IDB Technical Cooperation to support the project known as Implementation of a Roaming Agreement in South America, included in IIRSAs Implementation Agenda Based on Consensus. Following this event was the XII meeting of the Permanent Consultative Committee on Telecommunications I (PCC.I) of CITEL, held at the IDBs headquarters, in Washington D.C., from 12 through 14 March 2008, during which telecommunication-related topics deemed important for the region were discussed, such as the coordination of standards for telecommunication networks and services, convergence, analysis of cybersecurity issues and critical infrastructure and the use of telecommunications in emergencies, among others.
A presentation on the Overview of ITU-D Activities Related to Cybersecurity and Critical Information Infrastructure Protection was given by Robert Shaw, head of the ICT Applications and Cybersecurity division, during the CITEL meeting, providing background information on ITU, cybersecurity, related ITU key activities underway, and an outline of the Framework for Organizing a National Approach to Cybersecurity. Specific cybersecurity-related activities and initiatives as well as a case study on botnets were also presented.
Another presentation on Management Framework for Organizing National Cybersecurity/CIIP Efforts was given by Joe Richardson, further discussing the ITU Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self-Assessment Toolkit.
For more information on CYB's activities involving cybersecurity, visit the division website.
Tuesday, February 26, 2008
According to a report from vendor Mcafee, the growing number of cyber criminals in areas of Asia and Eastern-Europe is the result of a lack of IT jobs for qualified professionals. Joe Telafici, vice president of operations at Mcafee says that "the motivation to engage in illegal behavior is strong in Eastern Europe where technical skills were widely taught during the Cold War but economic
opportunities are limited. The same is true in Asia, where population growth has stretched strong economic performance to the limits." In China, 43 per cent of IT graduates are unemployed, and hacker "training" web sites are creating a pool of effective malware authors and paying them like
a legitimate business.
Read the full article here.
Thursday, February 21, 2008
According to reports, DDoS (Distributed Denial of Service) assaults on online gambling sites, particularly on major online poker websites, have surfaced this week. The online poker information portal Poker-king.com advised that many online poker and casino properties have suffered outages, naming Full Tilt Poker as probably the most visible with an inaccessible website for as long as 48 hours, probably incurring serious losses in business. As of 5 am EST Tuesday, the website is redirecting to www2.fulltiltpoker.com as a consequence of the attacks. According to the ShadowServer.org organisation, the attacks on Internet gambling sites commenced on 10 February 2008 and continued through to 18 February 2008. Among the targets were Full Tilt Poker, Party Casino, Titan Poker, Virgin Games, CD Poker, Europa Casino, and a number of Russian online gambling including Pokerlistings.ru. The extent of the outages for each site varied depending on the ferocity of the attacks and if they had any anti-DDoS attack measures in place. Full Tilt Poker is clearly still having issues while a number of the Russian web properties are still down. There have been reports that Full Tilt's poker room has crashed numerous times over the past few days, including an embarrassing outage during the final table of the FTOPS main event. The motive behind the attacks is still unknown.
Read the full report here.
Tuesday, February 12, 2008
According to the Washington Post, new research from Damballa suggests that the Storm worm has its roots in "Bobax worm," a computer worm that first surfaced as early as 2004. Bobax spread by exploiting various vulnerabilities in the Microsoft Windows operating system, and turned infected machines into spam-spewing zombies. Damballa researcher Chris Davis asserts that the Storm worm actually first surfaced in late 2006 as seen on this SANS Internet Storm Center alert on 29 December 2006. On 19 January, F-Secure reported receiving a flood of spam advertising new versions of Storm. Researchers soon discovered that all infected systems were controlled using the eDonkey peer-to-peer file (P2P) communications protocol, the same technology
and networks used by millions of people to share movies and music online. Paul Royal, Damballa's principal researcher said "they basically took Bobax and made all of them become Storm victims, and then started the propagation of Storm through that method. So Storm used a big botnet to bootstrap
itself, and it was the vehicle by which Storm became very popular very quickly." Damballa
estimates that roughly 17,000 systems remain infected with Bobax.
Read the full article on the Washington Post.
Thursday, February 07, 2008
With the rise of initiatives such as the One Laptop Per Child (OLPC) and Classmate, security experts warn that this development could mean an explosion in botnets in the developing world. However, Ivan Krstic, OLPC's director of security hardware, points to the choice of Linux as the operating system for the computers emphasizing that for an attack with an overall control, it would have to be written to the system kernel, and those vulnerabilities are patched very quickly making it difficult to get them to run bots. There is an option to run Windows XP on the machine though making all connotations of Windows security apply.
"The bigger problem in the long term may be the developing world's choice of operating system. 'Most of the machines we are shipping have Windows on them. That's the operating system most countries want,' says Intel. It adds that teachers will receive training from Intel to monitor the network and will be able to see if changes have been made to the machines: 'Some schools using the computers will have a teacher who is
responsible for security on their networks, others will have an IT person.' As a last resort the Classmate, like the OLPC XO, can be wiped clean and restored to its factory settings. But while Windows has its problems, Linux may not offer much better protection, says Guillaume Lovet, a botnet expert for Fortinet. 'The first botnets were Stacheldraht, Trinoo and TFN, and were built in Linux,' says Lovet. He also dismisses claims that the low bandwidth and internet use in parts of the developing world - the World Economic Forum's 2007 Africa Competitiveness Report estimated that African internet use was just 3.4% of the world total - would act as a brake on the development of botnets. 'It doesn't take any bandwidth to control or make a botnet,' Lovet says. 'Aggregated bandwidth is what is important, and that would still be massive. You could still build a huge cyber-weapon with only a thousand of these machines.'"
Intel and OLPC point out that the laptops will often only have intermittent connectivity which could lower the risk of getting infected. This could lower the chances of getting security upgrades as well though. Rolf Roessing, a security expert for KPMG, notes "if we are to bring IT to Africa then it will not work unless we bring security with it. Computer security in the west grew because of a loss of innocence and there are still weaknesses in the developed world because of a lack of awareness. If you bring IT to developing countries then you have to develop awareness, too."
Read the full article on The Guardian.
Monday, January 28, 2008
Net-Security.org recently interviewed Nitesh Dhanjani and Billy Rios, well-known security researchers that have recently managed to infiltrate the phishing underground. The interview gives readers a rundown on how Dhanjani and Rios saw an extraordinary amount of sensitive customer account information, obtained the latest phishing kits, located and examined the tools used by phishers, trolled sites buying and selling identities, and even social engineered a few scammers. They also expose on this interview the tactics and tools that phishers use, illustrate what happens when your confidential information gets stolen, discuss how phishers communicate and how they phish each other.
Read the full interview here.
According to Security experts at Sophos, 6,000 new infected webpages are discovered every day, 83 per cent of which belonging to innocent
companies and individuals that are unaware of their sites being compromised. Sophos further reports that the well-known iFrame vulnerability in Internet Explorer remained the preferred vector for malware attacks throughout last year with China (51.4 per cent) and the US (23.4 per cent) leading in the net security firm's list of malware-hosting countries. According to PandaLabs, "around half a million computers are infected by bots every day... [and] approximately 11 percent of computers worldwide have become a part of criminal botnets, which are responsible for 85
percent of all spam sent."
Read the full article on The Register.
Read relevant article on Slashdot.
Tuesday, January 22, 2008
The past week marks the one-year anniversary of the emergence of the spam-enabling Storm worm, a tenacious strain of malicious software that probably speaks more about the future of online crime than almost any other malware family
circulating online today. A chronological account from security firm Trend Micro visually sums up Storm's evolution. Dmitri Alperovitch, director of Secure Computing, said federal law enforcement officials who need to know have already learned the identities of those responsible for running the Storm worm network, but that U.S. authorities have thus far been prevented from bringing those responsible to justice due to a lack of cooperation from officials in St. Petersburg, Russia, where the Storm worm authors are thought to reside.
Alperovitch believes the majority of Storm worm victims are Microsoft Windows users who for whatever reason have ignored the best advice of security professionals by not running anti-virus software and/or regularly applying software security updates. Indeed, the infection statistics seem to support that analysis. According to Vincent Gullotto, head of Microsoft's security research and response team, Microsoft's "malicious software removal tool" -- shipped as part of its monthly patch updates -- has removed an average of 200,000 versions of the Storm worm from Windows systems each month since November, when the software giant first started shipping removal routines for Storm.
According to Trend, nearly 12,000 pieces of Storm-connected malware were unleashed online over the past year (this includes the Trojan that
drops the payload, the Storm worm itself, as well as regular -- sometimes hourly -- updates pushed out to infected machines to stay a step ahead of any anti-virus software installed on the host system.) As big as Storm got this past year, Symantec's numbers help put things in a bit more perspective. Storm-related malware made up slightly more than one-quarter of one percent of all potential malicious code infections in 2007, Symantec said.
Read the full article on the Washington Post.
Romanian artist Alex Dragulescu, a research assistant at the Massachusetts Institute of Technology's Sociable Media Group, puts a face to threats such as Storm and Netsky. "Dragulescu created his so-called 'threat art' in conjunction with live malware intercepted by e-mail security firm MessageLabs. Each is disassembled into a dump of binary code and then run through a program Dragulescu wrote. That program spends a few hours crunching through all the data, looking for patterns in the code that will determine the shape, color and complexity of each piece of threat art."
According to the Washington Post's article, the configuration of these created organisms is driven largely by the botnets' actions. Dragulescu explains that if there is a repeated attempt to write to a system memory address, a particular Windows API call that tries to write to a file or [blast out e-mail], for instance, the program tracks that and looks for the prevalence, number and behavior of those occurrences.
Dragulescu's other threat art include his "spam architecture," or his "spam plants," the latter of which take its form from rules that look at the ASCII values (computer code that represent the English alphabet) of each spam sample.
For more of Dragulescu's images, check out his Web site and the MessageLabs threat art page.
Read the full article on the Washington Post.
Tuesday, January 15, 2008
The Storm Worm botnet, using its huge collection of infected computers, is now sending out phishing emails directing people to fake banking sites that it also hosts on the computers it remotely controls, according to F-Secure and Trend Micro. Apparently, Storm has never been involved in phishing up to this point, however, the new campaign may indicate, according to F-Secure, that Storm's controllers have figured out how to divide the massive army into clusters which it is now renting out to others. F-Secure and Trend Micro both reported that the phishing scam was using a technique known as fast-flux DNS to keep the phishing site alive. Fast-flux works by constantly changing the IP address in the internet's phone book system (known as DNS) and having multiple computers in the botnet host the phishing site. This makes it very difficult to blacklist a IP address and since the site isn't being hosted by a company that researchers could contact to take down the site, the site lives longer.
According to Paul Ferguson, an advanced threat researcher for security giant Trend Micro, the spam emails were sent from a different segment of the botnet than the phishing sites were hosted. The site used for phishing was just registered on Monday. Anti-phishing filters, such as the ones bundled into Opera, Firefox and IE7, have gotten pretty good at quickly adding sites to their blocked list, however, "the issue becomes how do you work to take it down and find the perpetrators," said Ferguson.
Read Ferguson's article on this incident on Trend Micro's Malware Blog.
Read the full article on Wired Blog Network.
Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails, is classified as a more sophisticated "downloader" trojan due to its control server. According to the analysis of Secureworks, when executed, Pushdo reports back to one of several control server IP addresses embedded in its code. The server listens on TCP port 80, and
pretends to be an Apache webserver. Any request that doesn't have the correct URL format will be answered with the following content:
The Bender Bending Rodriguez text is simply misdirection to mask the true nature of the server - if the HTTP request contains the following parameters, one or more executables will be delivered via HTTP:
The Pushdo controller is preloaded with multiple executable files - the one we looked at contained 421 different malware samples ready to be delivered. The Pushdo controller also uses the GeoIP geolocation database in conjunction with whitelists and blacklists of country codes. This
enables the Pushdo author to limit distribution of any one of the malware loads from infecting users located in a particular country, or provides the ability to target a specfic country or countries with a specific payload.
Pushdo's detection of the physical hard drive serial number as a identifier not only provides a unique ID for the infected system,
but can also reveal information such as whether the code is running in a virtual machine or not. This could be a way for the malware author to spy on anti-virus companies using automated tools to monitor the malware download points.
Another anti-anti-malware function of Pushdo is that it looks at the names of all running processes and compare them to a list of anti-virus and personal firewall process names. Instead of killing off these processes, however, Pushdo merely reports back to the controller which ones are running, by appending "proc=" and a list of the matching process names to the HTTP request parameters. This enables the authors to determine which anti-virus engines or firewalls are preventing the malware from running or phoning home, by their absence from the statistics. This way the Pushdo author doesn't have to maintain a test environment for each AV/firewall product.
Recently, an e-card email containing a newer variant of Pushdo was received. Apparently taking notice that the Bleeding Snort project had published a signature (sid 2006377) to detect the Pushdo request variables in transit, the author has now changed the request to be less fingerprintable. An example of the new
request format is:
GET /40e800142020202057202d4443574d414c393635393438366c0000003c66000000007600000002 HTTP/1.0
Apparently, the author of Pushdo is intent on evading detection for as long as possible, in order to have the maximum amount of time to seed Cutwail spambots into the wild. Although it is unclear just how large the Cutwail botnet has become, the ambition of the project rivals that of other more well-known spam botnets, such as Storm.
Read the complete analysis on Pushdo here.
Read the blog entry detailing the trouble Sophos are having with the Pushdo trojan.
A new-generation worm-botnet known as Nugache, according to Dave Dittrich, might be the most advanced worm/botnet yet. It has no C&C server to target, has bots capable of sending encrypted packets and has the possibility of any peer on the network suddenly becoming the de facto leader of the botnet. However, despite numerous worms, viruses, bots and Trojans over the years having one or two of the features that Storm, Nugache, Rbot and other such programs possess, none has approached the breadth and depth of their feature sets. Rbot, with more than 100 features that users can choose from when compiling the bot, enables two different bots compiled from an identical source have nearly identical feature sets, yet look completely different to an antivirus engine.
A disturbing concern, experts say, is that there are several malware groups out there right now that are writing custom Trojans, rootkits and attack toolkits to the specifications of their customers, who are in turn using the malware not to build worldwide botnets like Storm, but to attack small slices of a certain industry, such as financial services or health care. A popular example of this is Rizo, a variant of Rbot. Like Nugache and Storm, Rizo has been modified a number of times to meet the requirements of various different attack scenarios. "Within the course of a few weeks, different versions of Rizo were used to attack customers of several different banks in South America. Once installed on a user's PC, it monitors Internet activity and gathers login credentials for online banking sites, which it then sends back to the attacker. It's standard behavior
for these kinds of Trojans, but the amount of specificity and customization involved in the code and the ways in which the author changed it over time are what have researchers worried."
To read the full article on Nugache, click here.
More security related news at Schneier on Security.
Wednesday, December 19, 2007
The OPTA Commission has imposed a fine of 1 million Euros on three Dutch enterprises, operating under the company name DollarRevenue, and their two directors, due to their unlawful installion of software on more than 22 million computers belonging to Internet users in the Netherlands and elsewhere. They primarily used misleading files, making Internet users believe that they were about to download apparently innocent files, whereas they actually contained DollarRevenue software. "They also used botnets, thereby installing files without user intervention. Each day 60,000 installations occurred on average. A total of more than 450 million program files were illegally placed on 22 million computers." With the enterprises and their directors having deliberately contravened provisions of the Universal Service and End Users Decree [Besluit universele dienstverlening en eindgebruikers], based on the Telecommunications Act [Telecommunicatiewet] and designed to promote safe Internet usage and to protect the privacy of Internet users, fines totalling 1 million Euros were imposed.
Read the full article on the OPTA website.
Friday, December 14, 2007
According to McAfee, the website of the French Embassy in Libya is currently under attack through IFRAME injection. With the visit by Libyan President Muammar Khadafi in the country, controversy is stirring up which has apparently triggered interest among people behind the attack. The iframe routes the victim to sites hosted through Hong Kong provider, then it redirects the victim to Russia and Ukraine where exploit and downloaders are used (Exploit-YIMCAM and downloader-AUD). McAfee warns people not to attempt reaching the site as it is still dangerous.
For more information, visit the McAfee Blog.
Tuesday, December 11, 2007
PC Tools recently discovered a social-engineering attack that uses trickery rather than a software flaw to access victim's valuable information. It is a new program that can mimic online flirtation and then extract personal information from its unsuspecting conversation partners. The program is believed to be making the rounds in Russian chat forums such as CyberLover. According to PC Tools, the "bot" cannot be easily distinguished from a real potential suitor, and the software can work quickly establishing up to 10 relationships in 30 minutes. It then compiles a report on every person it meets complete with name, contact information, and photos, which then may be made available for fraudulent activities. "Although the program is currently targeting Russian Web sites, PC Tools is urging people in chat rooms and social networks elsewhere to be on the alert for such attacks. Their recommendations amount to just good sense in general, such as avoiding giving out personal information and using an alias when chatting online."
Read the full article here.
Monday, December 03, 2007
Kelly Jackson Higgins, Senior Editor of Dark Reading wrote on how cyberwarfare has evolved into a growing underground market. According to experts, international cyber-spying is considered as the biggest threat for 2008 with the malware economy mimicking legitimate software markets. Malware suppliers are reportedly offering tools that make it easy for criminals with little technical know-how to commit their crimes, and many now advertise their 'products,' and offer support services as a value-add. These, as well as cyber-spying trends, are among the many findings of McAfee's annual Virtual Criminology Report released on 29 November 2007. The report was based on input from more than a dozen
security experts from NATO, the FBI, SOCA, The London School of Economics, and the International Institute for Counter-Terrorism.
"What struck me through most of this report is the threat is more evolutionary than revolutionary -- things we've talked about as potentially developing are now status quo," says David Marcus, senior research and communications manager for McAfee. "That's the disturbing part. Cyberwarfare, or state-sponsored malware, is business as usual." According to the report, what further concerns governments is that this malware, as well as the burgeoning market for zero-day exploits, sold in the black market can also be used for targeting government, banks or other sensitive infrastructures, such as the power grid.
Read the full article here.
Wednesday, November 28, 2007
ENISA recently launched its latest Position Paper, "Botnets - The Silent Threat", a 12-page paper identifying roles and structures of criminal
organizations for creating and controlling botnets, and trends in this type of cyber crime as well as online tools to identify and counter malicious code. ENISA points out that browser exploits account for more than 60% of all infections, email attachments for 13%, operating system exploits for 11%, and downloaded Internet files for 9%. It also emphasizes that the main problem is uninformed users. ENISA, thus, calls for "a more coordinated, cross country cooperation among multi-national law enforcement agencies, Internet Service Providers (ISPs) and software vendors" to combat botnets, and further adds that education of the everyday user is a key measure.
For further information, read ENISA's press release or access the full ENISA Position Paper.
Friday, November 23, 2007
Tuesday, November 13, 2007
John Kenneth Schiefer, a 26-year-old computer security consultant from Los Angeles has admitted to hacking into computers entrusted to him to create a botnet of as many as 250,000 PCs, which he used to steal money from and identities of unsuspecting consumers and corporations. "Schiefer agreed to plead guilty to four felony charges in connection with the case and faces up to 60 years in prison and a $1.75-million fine, according to court documents filed Friday in federal court in Los Angeles." According to Assistant U.S. Atty. Mark Krause in Los Angeles, Schiefer is the first person to be accused under federal wiretapping law of operating a botnet.
Schiefer stole user names and passwords for EBay Inc.'s PayPal online payment service to make unauthorized purchases and passed the stolen account information on to others. According to the plea agreement, a conspirator named "Adam" who is allegedly a minor was involved in Scheifer's scam. Scheifer and his accomplices were reported to have used illicit software which they planted on people's PCs to spirit account information from a storage area in Windows-based computers. A Dutch Internet advertising company also hired his services to install its programs on people's computers when they consented, but he installed it on more than 150,000 PCs without permission, earning more than $19,000 in commissions.
The federal investigation began in 2005, and the indictment includes "four counts of accessing protected computers to commit fraud, disclosing illegally intercepted electronic communications, wire fraud and bank fraud." Schiefer's initial appearance in Los Angeles will on Nov. 28 and his arraignment on Dec. 3. There is a similar case in May 2006 involving a Downey man, Jeanson James Ancheta who was sentenced to almost five years in federal prison after pleading guilty to four felony charges for using botnets to spread spyware and send spam.
To read the full article, visit the Los Angeles Times.
Related article also availabe here.
Thursday, November 08, 2007
Email Submission Operations: Access and Accountability Requirements by Carl Hutzler, Dave Crocker, Pete Resnick, Eric Allman, and Tony Finch has recently been released as Best Current Practice (BCP) 134. This document provides recommendations for constructive operational policies between independent operators of email submission and transmission services to mitigate the propagation of spam and worms. Its goal is to improve lines of accountability for controlling abusive uses of the Internet mail service. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. For more information, click here.
Tuesday, November 06, 2007
Roger A. Grimes of InfoWorld interviewed Paul Laudanski, founder and leader of CastleCops which is a volunteer organization dedicated to fighting malware, spam, and phishing. Paul talked about the effects of DDoS and provided pointers on how to mitigate and ride the attack. He said that the primary thing to be decided in cases of attacks is whether the company wants to stay in business during the attack or not. If so, all the attack traffic need to be absorbed along with the legitimate traffic, meaning the broadband connection, routers, firewall, Web servers, and back-end databases have to be able to deal with the attack. He also suggested knowing ahead of time how the company's ISP handle DDoS events. They further discussed how to possibly pursue criminal charges after the attacks. "To be honest, being able to locate and prosecute the DDoS attacker is a long shot. The lack of cohesive communications between all the parties that need to be involved in an investigation, the legal implications of the global nature of the assault, and the growing sophistication of bot nets all fight against a successful prosecution. But as Paul and CastleCops can tell you, it can be done."
Read the full article on InfoWorld.
Tuesday, October 30, 2007
A bogus email is circulating claiming to be from the Federal Trade
Commission and referencing a "complaint" filed with the FTC against the
emails recipient. The email includes links and an attachment that
download a virus. As with any suspicious email, the FTC warns
recipients not to click on links within the email and not to open any
attachments. This mailcious email appears to have a phony senders
address, "email@example.com" and also
spoofs the return-path and reply-to fields to hide the emails true
origin. While the email includes the FTC seal, it has grammatical
errors, misspellings, and incorrect syntax. Recipients should forward
the email to firstname.lastname@example.org and then delete it. Emails sent to that address are kept in the FTCs spam database to assist with investigations.
More information on this spam report at the Federal Trade Commission website.
Friday, October 26, 2007
John E. Dunn of Techworld reports on the Austrian Police's intention to use specially-crafted Trojans to remotely monitor criminal suspects.
"According to reports in Austrian media, the minister of justice Maria Berger, and Interior Minister Gunther Plater, have drafted a proposal that will be amended by legal experts and the cabinet with the intention of allowing police to carry out such surveillance legally with a judges warrant... According to Berger, Trojans would only be used in cases of serious crime, such as terrorism and organised racketeering. The Swiss authorities have declared the intention of using the same controversial technique, but only in cases of the most extreme nature, such as terrorism... The Austrian, German and Swiss governments have yet to explain how they would circumvent security programs that might be used by criminals to protect themselves, whether this would involve collusion with security software companies, and what would happen if such software-busting Trojans were subsequently reverse engineered and deployed by criminals
Read the full article on Techworld.
Monday, October 22, 2007
Brandon Enright, a network security analyst at University of California, San Diego, recently presented his findings at the Toorcon hacker conference in San Diego indicating the steady shrinking of the Storm Worm Botnet. According to Enright, it is now about 10 percent of its former size. Enright has been tracking Storm since July. "He has developed software that crawls through the Storm network and he thinks that he has a pretty accurate estimate of how big Storm really is. Some estimates have put Storm at 50 million computers, a number that would give its controllers access to more processing power than the world's most powerful supercomputer." Enright asserts that the numbers are far less terrifying though saying that in July, Storm appeared to have infected about 1.5 million PCs with 200,000 of which being accessible at any given time. He said that "a total of about 15 million PCs have been infected by Storm in the nine months it has been around, although the vast majority of those have been cleaned up and are no longer part of the Storm network."
According to Enright, the Storm Worm botnet started to dwindle in July when antivirus vendors began stepping up their tracking of Storm variants and got a lot better at identifying and cleaning up infected computers. With Microsoft's added Storm detection (Microsoft's name for Storm's components is Win32/Nuwar) into its Malicious Software Removal tool available with every Windows system, which was released on September 11, Storm infections dropped by another 20 percent overnight. Enright's most recent data counts 20,000 infected PCs available at any one time, out of a total network of about 160,000 computers.
To read the full article, click here.
An article on CIO, Who's Stealing Your Passwords? Global Hackers Create a New Online Crime Economy, provides a detailed account of Don Jackson's discovery of Gozi, 76service.com and the new online crime economy. It also illustrates the evolution of online crime from trojans to sophisticated networks selling bot services. Don Jackson is a security researcher for SecureWorks, one of dozens of boutique security firms that have emerged to deal with the Internet security. From an executable file, Gozi, that Jackson discovered on a friend's computer, he was led to this professionally-run business-like network, later identified as the 76service.com, where he uncovered a "3.3 GB file containing more than 10,000 online credentials taken from 5,200 machinesa stash he estimated could fetch $2 million on the black market." It was also mentioned that "Lance James company Secure Science discovers 3 million compromised login credentialsfor banks, for online email accounts, anything requiring a username and password on the Internetand intercepts 250,000 stolen credit cards. On an average week, Secure Science monitors 30-40GB of freshly stolen data, 'and thats just our company,' says James."
Read the full account of Don Jackson on the CIO website.
Thursday, October 18, 2007
A paper on wealth of Internet miscreants, "An Inquiry into the Nature and Causes of the Wealth of Internet Miscreants," is available online on the ICSI Center for Internet Research website. The paper discusses "an active underground economy which specializes in the commoditization of activities such as credit card fraud, identity theft, spamming, phishing, online credential theft, and the sale of compromised hosts. Using a seven month trace of logs collected from an active underground market operating on public Internet chat networks, [the researchers] measure how the shift from hacking for fun to hacking for profit has given birth to a societal substrate mature enough to steal wealth into the millions of dollars in less than one year."
To access the paper, click here.
Monday, October 15, 2007
The Washington Post recently reported on the Russian Business Network, an Internet business based in St. Petersburg which has become a world hub for Web sites devoted to child pornography, spamming and identity theft. Cybercrime groups including those responsible for about half of last year's incidents of phishing are said to be operating from the company's computer network system.
"The company 'is literally a shelter for all illegal activities, be it child pornography, online scams, piracy or other illicit operations,' Symantec analysts wrote in a report. 'It is alleged that this organized cyber crime syndicate has strong links with the Russian criminal underground as well as the government, probably accomplished by bribing officials...' But Alexander Gostev, an analyst with Kaspersky Lab, a Russian antivirus and computer security firm, said the Russian Business Network has structured itself in ways that make prosecution difficult. 'They make money on the services they provide,' he said -- the illegal activities are all carried out by groups that buy hosting services... In addition, Gostev said, criminals using the Russian Business Network tend to target non-Russian companies and consumers rather than Russians, who might contact local authorities. 'In order to start an investigation, there should be a complaint from a victim. If your computer was infected, you should go to the police and write a complaint and then they can launch an investigation,' Gostev said. Now, he added, his company and the police both have information, but no victim has filed a complaint."
Read the full article here.
Friday, October 12, 2007
A MAAWG document was recently released entitled "MAAWG Best Practices for the Use of a Walled Garden." This white paper discusses the criteria for exit and entry, remediation and subscriber education regarding walled garden. The primary goal of these practices is to help end-users become aware of and remove unwanted programs or malware residing on their personal computers and to stop the network from being used for abusive purposes. To access the white paper, click here. More information on MAAWG activities here.
Friday, October 05, 2007
Thursday, October 04, 2007
According to an article by Sharon Gaudin on InformationWeek, cybercriminals are splitting up their giant botnets, which have been diligently built up in the recent months, into smaller pieces to make them more agile, more easily hidden from detection, and easier to manage.
Iftach Amit, director of security research at security company Finjan tells InformationWeek that "smaller botnets get the job done, but smaller botnets generate a lot less traffic. That makes them harder to detect because they make much less noise. They fly under the radar when you're looking for anomalies in behavior." He adds that many botnets are operated from a single command center. If security researchers or law enforcement find that command center, the botnet is effectively shut down. However, if the hacker splits the botnet up into several smaller botners, each with its own command center, if one goes down, the others remain operational.
No apparent news yet link the Storm worm botnet to this trend. It was noted, however, that the Storm worm botnet is not controlled by one command center, which has made it difficult for researchers to shut it down.
Read the full article here.
Monday, October 01, 2007
The Anti-Malware Engineering Team, the team that builds the core antivirus, antispyware, anti-rootkit, and related technology used across a number of Microsoft products and technologies, posted on their blog recent "Storm" worm statistics based on the latest release of the Malicious Software Removal Tool (MSRT) developed and updated by Microsofts Malware Protection Center (MMPC). According to the Anti-Malware Engineering Team, as of 2PM on Tuesday, PDT, 18 September 2007, "the Renos family of malware has been removed from 668,362 distinct machines. The Zlob family has been removed from 664,258 machines. And the Nuwar family has been removed from 274,372 machines. In total, malware has been removed by this months MSRT from 2,574,586 machines." It has also been reported that another anti-malware researcher who has been tracking these recent attacks presented data that shows that the team knocked out approximately one-fifth of "Storm's" Denial of Service (DoS) capability on 11 September. No continued decrease was evident though since the first day which was presumably due to a newer version of the software that the criminals
behind the deployment of the "Storm" botnet has apparently immediately released.
Read the full article here.
Tuesday, September 25, 2007
Sophos recently reported on the hefty jail sentences that the pump-and-dump stock spam gang faces today. 47-year-old Michael Saquella (also known as Michael Paloma), 63-year-old Lawrence Kaplan, 38-year-old Henry Zemla and 26-year-old Justin Medlin
have all pleaded guilty to being part of an international gang that spammed out fraudulent news stories to create artificial demand in stocks, pumping up the share price of 15 small companies (Beverly Hills Film Studios; Body Scan; Cor Equity Holdings; Courtside Products; eDollars, IFINIX; Integrity Messenger; Latin Heat Entertainment; Motion DNA; PokerBook Gaming; TKO Holding; Trans-Global Holdings; V3 Global; Xtreme Technologies; and Zuma Beach Entertainment) and raising more than $20 million from investors. The four men are now facing between 5-10 years in prison.
"Pump and dump stock campaigns work by spammers purchasing stock at a cheap price and then artificially inflating its price by encouraging others to purchase more (often by spamming "good news" about the company to others). The spammers then sell off their stock at a profit. Sophos experts report that pump-and-dump stock campaigns account for approximately 25 percent of all spam, up from 0.8 percent in January 2005. Earlier this year, Sophos reported how the US Securities and Exchange Commission (SEC) had suspended trading in 35 companies as they were found to be commonly referenced in pump-and-dump stock email campaigns."
Read the full article here.
Monday, September 24, 2007
Tuesday, September 18, 2007
Wednesday, September 12, 2007
John E. Dunn reports on Techworld how the global market for criminal malware operates like a supermarket, complete with special offers and volume discounts, as a security company has discovered. On Panda Softwares latest quarterly report, the going rate for a reasonably sophisticated but generic Trojan is between £175 ($350) and £350 ($700), while the email list with which to target victims for the program costs from £50 ($100) per million names. The malware writers even offer specials in one case the company discovered a site selling a payment capture Trojan for £200 ($400) to the first 100 customers to sign up, a saving of £50 ($100) off the normal rate. "In recent months we have witnessed the growing professionalisation of digital crime," said Panda Softwares lab chief Luis Corrons. "The first step for cyber-crooks was when they started looking for profits from their activity instead of just notoriety. Now they are creating a vast online malware market, where there are even specialised segments. New business models are appearing, as we speak," he said.
Corrons adds that the malware industry now appears to be turning from being just a shop from which malware can be bought, to one where services are offered. For between one and five dollars per executable, malware could be cloaked - encrypted - against the anti-virus software programs it was likely to encounter on a for-hire basis. Finally, criminals could rent spam servers for £250 a time to distribute their assembled malware package, the company said. Corrons also provides details of the cost of hiring DDoS attacks in his blog.
Read the full article here.
An article on The Economist discusses RBN (Russian Business Company), the threats it poses to global cybersecurity, and the lack of cooperation from the Russian government. VeriSign classifies RBN as "the baddest of the bad". The anonymity of the group and its senior figures who are only known through their nicknames, and the apparent backing of politicians have led to the continuing success of its operations. "'RBN is a for-hire service catering to large-scale criminal operations,' says the report. It hosts
cybercriminals, ranging from spammers to phishers, bot-herders and all manner of other fraudsters and wrongdoers from the venal to the vicious. Just one big scam, called Rock Phish (where gullible internet users were tricked into entering personal financial information such as bank account details) made $150m last year, VeriSign estimates." Another difficulty RBN poses is its ability to fight back. This had been evident in the Rock Phish attack to the National Bank of Australia in October 2006. After taking active measures against the attack, RBN fought back by taking down the banks home-page for three days.
Despite VeriSign having tracked down the physical location of RBNs servers and the Western law enforcement officers' pressure on their Russian counterparts to pursue the investigation vigorously, RBN remains confident and active. According to VeriSign, "only strong political pressure on Russia will make the criminal justice system there deal with this glaring example of cyber-illegality."
To read the full article, go to The Economist.
Computerworld reports on a worm targeting Windows PCs that is spreading through Skype's instant messenger, making the Voice over IP (VoIP)'s chat software the next target. Dubbed Ramex.a by Skype spokesman Villu Arak, but pegged Pykspa.d by Symantec, the worm takes a typical instant messenger (IM) line of attack: After hijacking contacts from an infected machine's Skype software, it sends messages to those people that include a live link. Recipients who blithely click on the URL, which poses as a JPG image but is actually a download to a file with the .scr extension, wind up infected. Arak also listed instructions for removing the worm from infected PCs, but they included changes to the Windows registry, a chore most users are hesitant to try. Ramex.a/Pykspa.d injects code into the Explorer.exe process to force it to run the actual malware, a file named wndrivsd32.exe, periodically. The worm also plugs in bogus entries in the Windows hosts file so that installed security software won't be able to retrieve updates.
Skype is only the latest IM client to fall victim to hackers. Both Yahoo Messenger and Microsoft Corp.'s MSN/Live Messenger have been targeted this summer. Exploit code designed to hijack Windows PCs running Yahoo Messenger appeared as early as June, and Yahoo has been forced to patch the IM client several times since. Microsoft, meanwhile, has scheduled fixes for its MSN Messenger and Windows Live Messenger software for tomorrow, presumably to quash a webcam bug that was disclosed late last month.
Read more of this article here.
Tuesday, September 11, 2007
Dancho Danchevs blog has a post on the agressiveness of the Storm Worm botnet:
Stage one - infect as many end users with high speed Internet access as possible through the use of client side vulnerabilities. Stage two - ensure the longest possible lifecycle for the malware campaign by having the newly released binaries hosted at the infected PCs themselves. Stage three - take advantage of fast-flux networks to make it harder to shut down the entire botnet. And stage four - strike back at any security researcher or vendor playing around with Storm Worm's fast-flux network or somehow messing up with the malicious economies of scale on a worldwide basis. On Friday I received an email from Susan Williams at aa419.org, and as it looks like several other anti-fraud sites are getting DDoS-ed too :
"On September 2 2007, online scammers began an automated DDoS attack against aa419.org, with the goal of shutting down the anti-fraud site. For some time, aa419 was able to filter the worldwide botnet's attacks by monitoring connections and only allowing legitimate visitors to access thesite. However, by September 5 the hoster was being overwhelmed with nearly 400 GB of incoming requests every hour. Rather than let their infrastructure melt under the onslaught, the server is currently offline. This massive distributed denial of service (DDoS) attack was inspired by aa419.org's mission to blacklist and shut down scam web sites. Since 2004, the all-volunteer organization has recorded more than 18,000 such sites. In addition to publicly warning potential victims of fraud, they work with hosters and registrars to take scam web sites offline quickly, with a success rate of over 97% shut down. Susan Williams, press officer for aa419.org, said, "On the whole, we're positive about this. Not that we enjoy being offline; quite the opposite. But being attacked with a botnet of this magnitude tells us that we are doing serious damage to the organized crime networks that run these scams." Internet crime is increasing at record rates, and aa419.org is at the forefront of the fight against it. "We will continue our work regardless of how many criminals are annoyed by it," Williams said."
"This newest ddos round started about a week ago and knocked us offline for a couple hours while we figured out what was going on. And we're still under attack, so if the site is a bit slower, you know why. Odd month really, lots of sites, lots of sites, are under ddos. We've got over 10k bots attacking us with more being added daily.""
Spamnation reports that the popular scambaiting site 419Eater and the anti-scam site Scamwarners are the latest anti-spam sites to fall victim to a distributed denial of service (DDoS) attack. Artists against 419 was also hit recently as well as another useful anti-scam site, CastleCops, along with other sites hosting antispam forums.
Spamnation asserts that the Zhelatin (Storm Worm) gang is responsible for a number of other DDoS attacks this year, including an attack against anti-spam sites and download sites operated by a rival spam gang. Zhelatin are known to have spare capacity at the moment. There have been reports that they have built up a botnet containing more than a million computers, not all of which are currently being used for stock and pill spam.
For spam gangs like Zhelatin, a DDoS attack appears to be another opportunity to exploit. When the Zhelatin botnet gets to break in a site, it's more likely that the attack has been commissioned by one of their customers. In the same way that a customer can order a stock spam run, they can request a DDoS attack (although it has been claimed that DDoS attacks cost more than regular spam runs, because there is a greater risk that ISPs or law enforcement will react aggressively to shut down the machines involved).
Read full article here.
Monday, September 10, 2007
Peter Gutmann of the Department of Computer Science, University of Auckland presents how "malware has come a long way since it consisted mostly of small-scale (if prolific) nuisances perpetrated by script kiddies. Today, it's increasingly being created by professional programmers and managed by international criminal organisations. The Commercial Malware Industry looks at the methods and technology employed by the professional malware idustry, which is turning out "product" that matches (and in some cases even exceeds) the sophistication of standard commercial software, but with far more sinister applications."
The presentation discusses extensively how the malware industry has evolved from The Numbers Racket to organized crimes and even further now into the Spam, Carding, Phishing and Botnet businesses, among others. Provided in the presentation as well are case studies and examples, statistics, and technical mechanisms of these growing internet crimes as services.
Read more on Peter Gutmann's work here.
Researchers say the growing botnet has enough distributed power to launch a damaging attack against major businesses or even countries. The Storm worm botnet has grown so massive and far-reaching that it easily overpowers the world's top supercomputers. That's the latest word from security researchers who are tracking the burgeoning network of machines that have been compromised by the virulent Storm worm, which has pounded the Internet non-stop for the past three months. Despite the wide ranging estimates as to the size of the botnet, researchers tend to agree that it's one of the largest zombie grids they've ever seen. According to Matt Sergeant, chief anti-spam technologist with MessageLabs, "in terms of power, [the botnet] utterly blows the supercomputers away. If you add up all 500 of the top supercomputers, it blows them all away with just 2 million of its machines. It's very frightening that criminals have access to that much computing power, but there's not much we can do about it." Sergeant adds that researchers at MessageLabs see about 2 million different computers in the botnet sending out spam on any given day, and he estimates the botnet generally is operating at about 10% of capacity. Adam Swidler, a senior manager with security company Postini, told InformationWeek that while he thinks the botnet is in the 1 million to 2 million range, he still thinks it can easily overpower a major supercomputer.
Cyber criminals who control the botnet have a tremendous amount of destructive power. Early this summer, the Baltic nation of Estonia was pounded in a cyberwar that saw distributed denial-of-service attack primarily targeting the Estonian government, banking, media, and police sites.
Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware. The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently. MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it. "If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money. Swidler said that since mid-July, Postini researchers have recorded 1.2 billion e-mails that have been spit out by the botnet. A record was set on Aug. 22 when 57 million virus-infected messages -- 99% of them from the Storm worm -- were tracked crossing the Internet. According to researchers at SecureWorks, the botnet sent out 6,927 e-mails in June to the company's 1,800 customers. In July, that number ballooned to 20,193,134. Since Aug. 8, they've counted 10,218,196.
Read full article at InformationWeek.
Wednesday, September 05, 2007
Security firm Sunbelt recently discovered that the Bank of India's hacked website was serving dangerous malware, and the infamous Russian Business Network, an ISP linked to child pornography and phishing, is behind the attack. The service provider in question has developed a notorious reputation. According to VeriSign threat intelligence analyst Kimberly Zenz, the Russian Business Network (RBN) is different to other service providers because "unlike many ISPs that host predominately legitimate items, RBN is entirely illegal. A scan of RBN and affiliated ISPs' net space conducted by VeriSign iDefense analysts failed to locate any legitimate activity. Instead, [our] research identified phishing, malicious code, botnet command-and-control, denial-of-service attacks and child pornography on every single server owned and operated by RBN."
Patrik Runald, senior security specialist at F-Secure, said: "No one knows who the RBN is. They are a secret group based out of St Petersburg that appears to have political connections. The company doesn't legitimately exist. It's not registered and provides hosting for everything that's bad. Their network infrastructure is behind a lot of the bad stuff we're seeing and it has connections to the MPack Group [a well-known group of cybercriminals which used MPack software to steal confidential data]." Runald said that, in the case of the Bank of India's hacked website, RBN used an Iframe to launch another window which then pushed victims to a webpage containing malicious code. The Trojans used in this case were designed to steal passwords from PCs and upload Trojan proxies in aide of developing a botnet.
Read the full article on ZDNet.co.uk.
BBC News reports that easy to use tools that automate attacks on computers are being produced by malicious hackers, according to security experts, ranging from individual viruses to comprehensive kits that let budding cyber thieves craft their own attacks. The top hacking tools may cost up to £500, with some providing 12 months of technical support. Tim Eades from security company Sana said that malicious hackers had evolved over the last few years and were now selling the tools they used to use to the growing numbers of cyber thieves. Individual malicious programs cost up to £17 (25 euros), he said. At the top end of the scale, said Mr Eades, were tools like the notorious MPack which costs up to £500. The regular updates for the software ensure it uses the latest vulnerabilities to help criminals hijack PCs via booby-trapped webpages. It also includes a statistical package that lets owners know how successful their attack has been and where victims are based. MPack has been very popular among criminally minded groups and in late June 2007 managed to subvert more than 10,000 websites in one attack that drew on the tool.
Paul Henry, vice president of Secure Computing, said there were more than 68,000 downloadable hacking tools in circulation. The majority were free to use and took some skill to operate but a growing number were offered for sale to those without the technical knowledge to run their own attacks such as Mpack, Shark 2, Nuclear, WebAttacker, and IcePack. Mr Henry said the tools were proving useful because so
many vulnerabilities were being discovered and were taking so long to be patched. Many hacking groups were attracted to selling the kits
because it meant they took little risk themselves if the malicious software was used to commit crimes. "The only thing you are going to find is a disclaimer that this was distributed for educational purposes and the user accepts any responsibility for any misuse," he said.
To read full article, click here.
Thursday, November 30, 2006
Tuesday, June 13, 2006
Microsoft today gave the world a rare - albeit conservative - glimpse of its view on just how bad the virus and bot problem has gotten for Windows users worldwide.
The data comes from 15 months' worth of experience scanning computers with its "malicious-software removal tool," a free component that Microsoft offers Windows XP, Windows 2000 and Windows Server 2003 users when they download security updates from Microsoft.
More information can be found here.
Monday, May 22, 2006
The April MessageLabs Intelligence Report includes analysis of the threat landscape during the first quarter of 2006. Overall, threat levels remained largely stable with previous months, with the U.S. continuing to play the role as the largest source of malware, spam and phishing attacks, hosting 18.1 percent of the worlds compromised (zombie) computers in the first quarter of 2006 (down from a high of 44 percent in Q2 05).
More information can be found here.
Use the Internet at home and you have a 1-in-3 chance of suffering computer damage, financial loss, or both because of a computer virus or spyware that sneaks onto your computer. That's one of the unsettling conclusions from the 2005 Consumer Reports State of the Net survey of online consumers.
More information can be found here.
Monday, May 01, 2006
A new wave of spam could be on the way that tricks recipients by looking like its a message sent from their friends' e-mail address. This sort of spam would bypass even those filters that currently weed out 99% of the bad stuff, says John Aycock, an assistant professor of computer science at the University of Calgary.
Aycock and student Nathan Friess conducted research and wrote a paper dubbed "Spam Zombies from Outer Space" to show that generating such customized spam -- such as in the form of e-mail replies -- would not be too difficult, as has been assumed in the past. Spammers have leaned toward bulk e-mail generation that is less customized.
More information can be found here.
Thursday, April 27, 2006
Via Schneier on Security comes news of a Kaspersky Labs report on extortion scams using malware:
We've reported more than once on cases where remote malicious users have moved away from the stealth use of infected computers (stealing data from them, using them as part of zombie networks etc) to direct blackmail, demanding payment from victims. At the moment, this method is used in two main ways: encrypting user data and corrupting system information.
Users quickly understand that something has happened to their data. They are then told that they should send a specific sum to an e-payment account maintained by the remote malicious user, whether it be EGold, Webmoney or whatever. The ransom demanded varies significantly depending on the amount of money available to the victim. We know of cases where the malicious users have demanded $50, and of cases where they have demanded more than $2,000. The first such blackmail case was in 1989, and now this method is again gaining in popularity.
In 2005, the most striking examples of this type of cybercrime were carried out using the Trojans GpCode and Krotten. The first of these encrypts user data; the second restricts itself to making a number of modifications to the victim machine's system registry, causing it to cease functioning.
Monday, April 24, 2006
Looking back, 2005 saw a rise in profit-driven attacks. These were reflected by phishing, which now represents as much as one percent of the global e-mail traffic and is far more effective than spamming.
Viruses, worms, and malicious software are becoming part and parcel of information and communications technology. According to Trend Micro's report, called Virus and Spam Roundup 2005 and Predictions for 2006, this year will see more spy phishing and spear phishing on the Internet.
More information can be found here.
Wednesday, March 01, 2006
A group of security researchers claims to have found the first virus that can jump to a mobile device after infecting a PC.
"Crossover is the first malware to be able to infect both a Windows desktop computer as well as a PDA running Windows Mobile for Pocket PC," the research group said.
For more information, please click here.
Sunday, February 26, 2006
Programs that fight viruses have become a necessary evil on Windows PCs. Now the antivirus industry is turning its attention to mobile phones, but it's running into reluctance from cell service providers, who aren't so sure that the handset is the best place to handle security.
For more information, click here.
Thursday, February 16, 2006
OECD Scoping Study for the Measurement of Trust in the Online Environment:
Creating an online environment which builds on trust
among users of ICT networks is an increasing priority for business,
industry and governments and has been on the OECD agenda since the late
1990s. The aim of this report is to undertake a review of the data
available from official, semi-official and private sources which can
assist in informing developments and progress in this area. There is a
need to be able to use relevant data to assess the effectiveness of
public and private initiatives aimed at building trust among users.
Friday, February 10, 2006
Bruce Schneier's Schneier
on Security points to a paper dismissing the myth that worms won't be able to propagate under IPv6.
Friday, November 04, 2005
Virus scanners made moot by new exploit.
Recently, researcher Andrey Bayora revealed that it is possible to fool the scanners into thinking that a file under scan is one kind, when it is in actuality something entirely different. Bayora (of www.securityelf.org), a Russian-born Israeli, has issued an advisory that details how to bypass many popular Windows AV programs.
The London Action Plan of spam enforcement authorities has a new website with news. A spam enforcement workshop is now taking place in London:
The Office of Fair Trading, through the UK presidency of the European Union, has invited members of the London Action Plan (LAP) network and the Contact Network of Spam Authorities (CNSA) to participate in a two-day spam enforcement workshop. The workshop will be held in London at the Department of Trade and Industry Conference Centre on Thursday 3rd and Friday 4th November 2005.
Monday, July 25, 2005
The Anti-Spyware Coalition proposed a standardized definition of "spyware" on July 12, 2005. The definition, which is open for public comment until August 12, is intended to serve as the foundation for a more unified approach to tackling the spyware problem. In addition to defining spyware, the coalition's first public document also offers uniform definitions of other commonly used terms like "adware" and "cookie," and offers tips for users to avoid downloading unwanted programs.
For more information, see the full article.
For comments on the Anti-Spyware Coalition definitions, click here.
Wednesday, May 25, 2005
From the FTC's Operation Spam Zombies page:
Spammers use home computers to send bulk emails by the millions. They take advantage of security weaknesses to install hidden software that turns consumer computers into mail or proxy servers. They route bulk email through these "spam zombies," obscuring its true origin.
As part of a worldwide effort to prevent these abuses, the FTC announces "Operation Spam Zombies." In partnership with 20 members of the London Action Plan and 16 additional government agencies from around the world, the Commission is sending letters to more than 3000 Internet service providers (ISPs) internationally, encouraging them to take the following zombie-prevention measures:
- block port 25 except for the outbound SMTP requirements of authenticated users of mail servers designed for client traffic. Explore implementing Authenticated SMTP on port 587 for clients who must operate outgoing mail servers.
- apply rate-limiting controls for email relays.
- identify computers that are sending atypical amounts of email, and take steps to determine if the computer is acting as a spam zombie. When necessary, quarantine the affected computer until the source of the problem is removed.
- give your customers plain-language advice on how to prevent their computers from being infected by worms, trojans, or other malware that turn PCs into spam zombies, and provide the appropriate tools and assistance.
- provide, or point your customers to, easy-to-use tools to remove zombie code if their computers have been infected, and provide the appropriate assistance.
In a later phase, the Operation plans to notify Internet providers worldwide that apparent spam zombies were identified on their systems, and urge them to implement measures to prevent that problem.
Letter text translations (provided by participating agencies):
Wednesday, May 18, 2005
Paul F. Roberts writes over on eWeek: The U.S. Department of Defense is soliciting bids for a massive anti-spyware software contract that will protect systems across the military. The deal could be a major opportunity for anti-spyware startups to score a victory against established anti-virus vendors. [via Fergie's Tech Blog]