Ο Ντιμιτρι Ολεγκοβιτς Ζουμπακα, ένας άνθρωπος που κατηγορήθηκε για την έναρξη απο μια σειρά επιθέσεων DDoS στο Amazon.com, έχει συλληφθεί αυτήν την βδομάδα απο τις αρχές της Κύπρου σύμφωνα με διεθνές ένταλμα, όπως το Τμήμα Δικαιοσύνης αποκάλυψε.
“Η έρευνα με αποκορύφωμα την σύλληψη του Dmitry Zubakha απο τις αρχές στην Κύπρο ήταν εξαιρετικά πολύπλοκη. Η σύλληψη του Zubakha είναι ένα αποτέλεσμα απο μια συντονισμένη προσπάθεια απο την Μυστική Υπηρεσία, το Δικηγορικό Γραφείο των Ηνωμένων Πολιτειών για την Δυτική Περιφέρεια της Ουάσιγκτον και το Αστυνομικό Τμήμα του Σιάτλ,” είπε ο James Helminski απο την Μυστική Υπηρεσία Ηνωμένων Πολιτειών στο Σιάτλ.
“Θα ήθελα επίσης να επαινέσω το Amazon.com για την ειλικρίνεια και την βοήθεια για την αντιμετώπιση με αυτήν την σειρά απο επιθέσεων στο δίκτυο υπολογιστών που είχε ενδεχομένως επηρεαστεί δυσμενώς απο την ικανότητα να υπηρετεί τους πελάτες της.”
Read More ...
Se afișează postările cu eticheta cyber crime. Afișați toate postările
Se afișează postările cu eticheta cyber crime. Afișați toate postările
luni, 23 iulie 2012
duminică, 10 iunie 2012
sâmbătă, 9 iunie 2012
duminică, 3 iunie 2012
vineri, 1 iunie 2012
luni, 28 mai 2012
'Flame' cyberespionage worm discovered on thousands of machines across Middle East
The UN's International Telecommunications Union and Kaspersky Labs revealed today that it has discovered Flame, a new trojan rivaling Stuxnet. Codenamed "Worm.Win32.Flame," the malware is currently being researched and it is described as "one of the most complex threats ever discovered." It is believed to be active across thousands of computers in the Middle East, primarily in Iran and Israel, as well as on some machines in North Africa.
Researchers believe that the trojan's primary function is cyberespionage: once Flame infects a computer, it is equipped to record audio from connected or built-in microphones, monitor nearby Bluetooth devices, take screenshots, and save data from documents and emails. All of this data, apparently stolen as part of a targeted attack, is constantly sent up to command and control servers.
Flame "has no major similarities with Stuxnet" or its malware family member Duqu, and is believed to be created and controlled by a separate group. The newly-discovered worm does share some aspects with Stuxnet and Duqu, however. Most disappointingly, Flame takes advantage of the same printer spooling hole and autorun.inf infection methods exploited by Stuxnet. According to Kaspersky Lab's reports, it's believed that Flame achieves its initial infection from users who are victims of phishing attacks, and then once it has made it onto a computer it can be spread over local area networks or via USB flash drives with other machines.
The bad news is that it's confirmed that the worm has spread over local area networks to fully-patched Windows 7 systems, but the good news is that you shouldn't have to worry about Flame breaking into your PC in its current form. As a cyberespionage tool, the trojan has been seen targeting some individuals, but also education and government organizations mainly in the Middle East. Additionally, the research says that the worm surveys a system and will then uninstall itself from machines it thinks are not interesting.
Why is Flame considered to be such a complex threat, then? Well, the malware itself can be up to as large as 20MB — about twenty times larger than Stuxnet. This size is part of what makes Flame unique. According to Kaspersky, most malware is as simple and small as possible, as that makes it easiest to hide the malicious code and get it onto unsuspecting machines. In this case, however, Flame's size made it hard to detect since no one was looking for it. Part of the reason why Flame is so large is because it has optional plug-ins that can be added after a machine is infected to try and get specific data. Different machines have different assortments of plug-ins on them; that 20MB maximum size includes all 20 different plug-ins that have been discovered. Unfortunately, that massive size is going to make it difficult for researchers to get their hands around Flame: Kaspersky says that since it took "several months" to understand Stuxet's 500KB of code, it's expected that Flame may require a year's worth of effort.
Researchers believe that the trojan's primary function is cyberespionage: once Flame infects a computer, it is equipped to record audio from connected or built-in microphones, monitor nearby Bluetooth devices, take screenshots, and save data from documents and emails. All of this data, apparently stolen as part of a targeted attack, is constantly sent up to command and control servers.
Flame "has no major similarities with Stuxnet" or its malware family member Duqu, and is believed to be created and controlled by a separate group. The newly-discovered worm does share some aspects with Stuxnet and Duqu, however. Most disappointingly, Flame takes advantage of the same printer spooling hole and autorun.inf infection methods exploited by Stuxnet. According to Kaspersky Lab's reports, it's believed that Flame achieves its initial infection from users who are victims of phishing attacks, and then once it has made it onto a computer it can be spread over local area networks or via USB flash drives with other machines.
The bad news is that it's confirmed that the worm has spread over local area networks to fully-patched Windows 7 systems, but the good news is that you shouldn't have to worry about Flame breaking into your PC in its current form. As a cyberespionage tool, the trojan has been seen targeting some individuals, but also education and government organizations mainly in the Middle East. Additionally, the research says that the worm surveys a system and will then uninstall itself from machines it thinks are not interesting.
Why is Flame considered to be such a complex threat, then? Well, the malware itself can be up to as large as 20MB — about twenty times larger than Stuxnet. This size is part of what makes Flame unique. According to Kaspersky, most malware is as simple and small as possible, as that makes it easiest to hide the malicious code and get it onto unsuspecting machines. In this case, however, Flame's size made it hard to detect since no one was looking for it. Part of the reason why Flame is so large is because it has optional plug-ins that can be added after a machine is infected to try and get specific data. Different machines have different assortments of plug-ins on them; that 20MB maximum size includes all 20 different plug-ins that have been discovered. Unfortunately, that massive size is going to make it difficult for researchers to get their hands around Flame: Kaspersky says that since it took "several months" to understand Stuxet's 500KB of code, it's expected that Flame may require a year's worth of effort.
theverge.com
vineri, 25 mai 2012
Hackers Reveal the Price of iOS Jailbreaks at HITB 2012 Amsterdam
There have been a lot of interesting developments here at Hack in the Box in Amsterdam, and one of them is the first ever union of the jailbreak Dream Team. Today, Softpedia has had the chance to interview the members of the Chronic Dev Team and learn some things that many were probably curious about.
One of the topics we discussed referred to the financial value of jailbreaks. So how much is their work and the information they possess worth?
“This is hard to answer. I think it depends on who you sell your exploits to, if it’s for the underground or the legal scene,” Pod2g said.
“This is a difficult question to answer, but it's a lot. Every jailbreak exploit represents like, maybe, $100,000. This is the price of all root exploits.”
We then asked him to comment on a recent statement in which he said he wouldn’t sell the beta version even for $1 million (760,000 EUR).
“I wrote that, but it's not all about the money. We're doing this for the fame of course. We're doing it for the people, because we want people to be able to have their devices jailbroken,” he explained.
“This is what we're doing. This is what we like, so this is not about money. That's why even if we could get anything from these jailbreaks, if the only thing we could get is to make people happy, that is enough for us.”
It’s interesting to see a price estimate for the jailbreaks, but as the hackers highlighted, it’s not all about the money. There probably isn’t a researcher in the world who would refuse money if someone wanted to reward him, but these guys really gave us the impression, during our talk, that they’re really in it for the challenge and the users, not for their personal gain.
softpedia.com
sâmbătă, 19 mai 2012
Hacker Behind “Call of Duty” Trojan Sent to Prison for 1.5 Years
Many gamers may have noticed the Trojan-infected file that’s being advertised as a patch for the popular Call of Duty game. As it turns out, the mastermind behind this scheme is a 20-year-old student from the UK who has used the malware to collect credit card details from the affected computers.
Kent Online reports that Lewis Martin was apprehended by police while trying to steal computer equipment from colleges in Dover and Deal.
When investigators searched his house, they uncovered documents containing 300 credit card credentials, along with passwords. The details of a fraudulent bank loan were also found.
Prosecutors accused him of using the Trojan to collect credit card details, passwords and credentials to websites such as PayPal, which he sold on the underground markets for sums between $1 (.76 EUR) and $5 (4 EUR).
Now, he has been sentenced to serve 18 months in prison for fraud and burglary charges.
Apparently, Martin was known by law enforcement representatives as a burglar, since he was caught on numerous occasions breaking into educational institutions. However, we’re more interested in the part in which he used the piece of malware to commit his crimes.
This incident shows that users subject their digital assets to numerous risks when downloading games from untrusted sources.
We’ve recently seen how most “Diablo 3 free download” searches point to malware-laden websites. With patches and key generators the problem is even more serious because most of the malicious files actually work, making users disregard the warnings displayed by their antivirus software.
What they don’t know is that while they’re happy to be playing the game, a nasty Trojan is logging their every move, stealing every bit of valuable information it finds.
“Game players would be wise to pay attention to the technique used by Lewys Martin to infect computers,” Graham Cluley, senior technology consultant at Sophos, advises.
“It's not uncommon for malware to be distributed in the form of cracks and hacks for popular computer games - if you run unknown code on your computer to meddle with a video game, you might well be allowing malware to insidiously install itself too.”
softpedia.com
Social Engineering and Hacking Skills Put to the Test at HITB 2012 Amsterdam
As we’ve mentioned on previous occasions, this year’s Hack in the Box (HITB) security conference in Amsterdam will feature a lot of great speakers and challenges. One of these will be the “Social Engineering and CTF Challenge” created and run by Sogeti Nederland B.V.
“With #SSEC2012, Sogeti Nederland is very excited to bring a social engineering element into this year’s HITBSecConf. The human factor is often referred to as the weak link in infosecurity defenses,” revealed Martin Visser, a senior security specialist.
“This challenge is aimed to not only highlight the human risk factor, but to also demonstrate the ease with which it can be compromised. Knowing what are the common pretext strategies used to fraud employees is key in protecting organisations from social engineering attacks.”
The competitor’s skills will certainly be put to the test in the contest whose purpose is to raise awareness on attacks that target the weakest link in cybersecurity, the human factor.
Over the course of two days participants will have to hack into wireless routers, social engineer the employees of high-profile Dutch companies and solve a challenge in Sogeti’s CTF web app.
For the social engineering part, contestants will have to trick company employees into performing certain tasks or handing out certain pieces of information. Of course, they will not have to obtain passwords or other sensitive data, but less significant details such as the name of the company’s catering company.
“The human element remains a major potential security vulnerability in any organisation. Verizon’s 2011 Data Breach Investigations report showed that 11% of breaches are from social engineering attacks and of these, 44% are from pretexting”, said Dhillon Andrew Kannabhiran, the founder and CEO of HITB.
Users from all around the world can join in on the action since it will be broadcasted via webcam feed and audio stream.
softpedia.com
Flashback Operators Fail to Cash Out Their “Winnings”
Some time ago Symantec revealed that the masterminds behind the now-infamous OSX Flashback Trojan made bundles of money. Further analysis, however, has shown that they may have failed to collect as a result of their operations.
Previously, we had learned that the fraudsters made money by displaying ads on compromised computers. The figures show that they’ve displayed 10 million advertisements on the devices of the affected individuals over the course of three weeks.
Of those 10 million, 400,000 were actually clicked on, which normally meant that they would have received $14,000 (10,640 EUR) from the pay-per-click (PPC) providers.
However, according to Symantec, the PPC firms don’t just hand over money to anyone without performing a few checks, this being a perfect example of a situation in which the scammers failed to bypass the anti-fraud measures.
Firms that offer PPC services are more than happy to pay up if users actually see their ads, but in click fraud cases such as this one, the victims may not see the ads, and they’re certainly not interested in the content that's being displayed because in most cases it’s irrelevant.
Furthermore, the cybercrooks may have analyzed each PPC provider to see which one suits their needs, since 98% of the adverts originate from the same organization.
While it’s estimated that a total of 600,000 machines have been infected with Flashback, in reality only 2% (around 10,000) of them were compromised to serve the final payload, the one that actually earned money.
As the researchers highlighted, the campaign was a success, but it could have been even more so, a situation in which the fraudsters could have made millions of dollars in a year.
Fortunately, they failed to collect, which may discourage others from launching such campaigns. On the other hand, the failure may make them more determined to try harder next time.
softpedia.com
Worm Uses Facebook PMs and Instant Messaging Apps to Spread
Social media platforms and popular instant messaging (IM) apps are great mediums for cybercriminals to spread their malicious elements. Trend Micro experts provide a great example of a worm that’s making its way to computers using such methods.
The researchers report that the piece of malware, identified as Worm_Steckct.evl, is distributed via a link that’s sent in private messages on Facebook and IM programs.
The shortened links contained in the posts point to an archive called “May09- Picture18.JPG_ www.facebook.com.zip” which hides a file named “May09-Picture18.JPG _www.facebook.com.” The .com extension reveals that in fact this is an executable file.
Once it’s run, the worm steps into play and terminates all the processes and services created by security software, thus ensuring that antivirus applications cannot disrupt its evildoings.
Steckct.evl then downloads another worm, detected as Worm_Eboom.ac, which monitors the victim’s browsing sessions.
The worrying part is that it doesn’t only log the posts and private messages the customer creates or deletes on Facebook, MySpace, Twitter, WordPress, or Meebo, but it can also spread by utilizing the user’s active session on these sites.
“Facebook and IM applications are tools to share and connect. Cybercriminals’ use of these tools is nothing new, but there are users who fall prey to these schemes. We recommend users to be conscious with their online behavior, in particular on social media sites,” Cris Pantanilla, Threat Response Engineer at Trend Micro writes.
As the expert highlights and as we’ve highlighted numerous times before, internauts must be wary of links that point to shady-looking websites or suspicious files.
In this particular case, it’s clear that the alleged picture taken on “May09” is not a JPG file, but an executable that’s not even so cleverly masked.
softpedia.com
marți, 15 mai 2012
Avast Warns About “FakeInst” and Alternative Android Markets
The large number of malicious websites designed to infect Android devices with the well-known Android:FakeInst SMS Trojan have made Avast security experts issue another warning to alert users of its presence. They also advise smartphone owners to beware of shady-looking alternative Android app markets.
Researchers have found several domains, such as t2file.net and uote.net, which store at least 25 new apps that mask the piece of malware.
After users are lured onto these websites, they’re presented with a phony Downloader program. The truly evil thing about this app is that it tells the victim that the operation may cost money, but the Quit button doesn’t work.
Once the installation process begins, there’s nothing you can do, but click on the Agree or OK buttons. Of course, there are methods to stop the task, but to the untrained user it appears as he/she has no other choice.
What is even more worrying is the fact that once one of these buttons is pressed, an SMS to a premium rate number is already sent out. To make matters worse, the Trojan contains premium numbers for around 60 different countries worldwide, which means that if the victim isn’t located in Antarctica, he/she will most likely end up with an inflated phone bill.
In order to prevent experts from analyzing the malware, its creators have used AES encryption to make the file inaccessible.
Each SMS sent out by Android:FakeInst costs around $4 (3 EUR), which means that the cybercriminals behind this operation can earn considerable amounts of money from users who make the mistake of downloading software from alternative markets.
“Never trust weird looking alternative markets and always check the app permissions. If you’ve downloaded a game that asks for SMS and Phone calls permissions, it probably means that someone is about to “play you” instead,” Avast’s Alena Varkočková explained.
softpedia.com
Fake Android Antivirus Served via Twitter Spam
Security researchers warn that Twitter is being flooded with shady looking posts that contain links to websites hosted on .tk domains. These websites hide malicious elements that target not only PC users, but also Android owners.
GFI Labs experts report that while PC users are served broken .jar files, Android customers are tricked into installing a fake antivirus application whose icon replicates the one of products provided by Kaspersky.
So let’s take a look at how these schemes work.
First, the cybercriminals post tweets in Russian or English that advertise all sorts of materials, mainly adult content. All the tweets contain a link to a site such as “good-graft.tk.”
Once clicked, the links open a Russian site that’s designed for both smartphone and computer owners. Depending on the device from which the website is accessed, the potential victim is served a file called VirusScanner.jar (for PC), or VirusScanner.apk (for Android).
As mentioned before, experts revealed that the .jar file seems to be broken, since an error is displayed when it is executed. However, this may change at any time, so internauts should be wary when presented with such an element.
VirusScanner.apk is a rogue antivirus application which displays the Kaspersky logo when it is installed.
Identified as Trojan.Android.Generic.a by GFI’s VIPRE Mobile Security, the piece of malware reveals its true purpose during the installation process when it asks permission to access phone calls, messages and even services that cost money.
We strongly advise you to refrain from clicking on links contained in Twitter posts if they look suspicious. Furthermore, site addresses that end in .tk are usually a good indicator of a malicious plot.
On the other hand, even if you do end up on a shady site, at least make sure you don’t install anything that’s pushed to your device.
Finally, although many argue that mobile threats are not yet so popular, users should learn to treat their smartphones just as they do their computers and install antivirus solutions from legitimate and reputable companies.
softpedia.com
Phishers to Hotmail Users: Your Account Has Been Blocked
Hotmail customers are advised to be on the lookout for emails entitled “E-mail account alert!” which notify them that their accounts have been blocked. These messages hide a link which points to a malicious website that urges the potential victim to provide his login credentials.
Here’s part of the shady notification, provided by the folks from Hoax Slayer:
This e-mail has been sent to you by Hotmail to inform you that your account has been blocked.
Why are you seeing this? Someone may have used your account to send out a lot of junk messages (or something else that violates the Windows Live Terms of Service). We're here to help you get your account back. What do you need to do?
We'll ask you to login to our secured activation page by following the link below and re-activate your account.
[Link]
If you have already confirmed your account information then please disregard this message.
Users who fall for the scam and click on the shady link are taken to a website that almost perfectly replicates the genuine Windows Live login webpage. Once the username and password are provided, the unsuspecting victim is taken to the legitimate website.
This might make him/her believe that the login simply failed. When they do sign on to their account, they may think that the re-activation process was successful.
While it is true that cybercriminals use compromised accounts to send out spam and other malicious notifications, internauts shouldn’t rush to trust every email they receive.
On the contrary! With all the malevolent plots making the rounds online, users should see every alert as a potential threat.
There are a few simple steps that can be taken to verify a notification’s legitimacy. First, look at the sender’s email address. Even though many of them are spoofed to look like they originate from a legitimate address, in some cases you will see that the sender is something like hotmail-notifications@yahoo.com.
The name of the site that hides behind the link is also very important. If the hyperlink points to any other URL than the company’s official one, it’s most likely a scam.
softpedia.com
Card Information Stolen in Global Payments Incident Used for Fraud
Union Savings Bank (USB) representatives noticed that some of the debit cards issued by the financial institution were used to commit fraud that leveraged prepaid cards. They determined that the account information utilized by the fraudsters was stolen as a result of the Global Payments incident.
According to security journalist Brian Krebs, USB notified Visa after realizing that the private school's cafe where most of the cards were used was actually a Global Payments customer.
Shortly after, the bank was contacted by Tony Higgins, a fraud investigator who worked for Safeway Inc, a grocery store chain in Nevada and Southern California.
The institution learned from Higgins that the crooks purchased Safeway prepaid cards from the stores. On the magnetic stripes of these cards they encrypted account information from USB.
To make their trail hard to follow, they used them to purchase other prepaid cards with which they bought electronics and expensive products.
The investigator told Doug Fuller, USB’s chief risk officer, that the fraudsters were committing their crimes mostly in Las Vegas, but also in nearby states. He believed that they were actually from Los Angeles and San Diego, but came to Vegas to make use of the payment cards.
Apparently, around 1,000 Union Savings Bank debit accounts were compromised as a result of the Global Payments breach, the losses suffered by the organization totaling up to $75,000 (57,000 EUR), plus another $10,000 (7,600 EUR) which it spent on reissuing cards.
Higgins told the risk officer that the Bank of Oklahoma and Fulton Bank were also on the list of victims.
While Global Payments representatives hold on to their side of the story, claiming that no more than 1.5 million accounts have been compromised, others believe that more than 7 million card owners may be exposed.
softpedia.com
Abonați-vă la:
Postări (Atom)