Spyware, Viruses, & Security forum


NEWS - December 10, 2012

by Carol~ Forum moderator / December 10, 2012 1:39 AM PST
Ransom hackers encrypt medical centre's entire database

An Australian medical centre is reported to be considering paying a ransom demand of $4,000 AUD (£2,600) after blackmailers broke into the organisation's servers and encrypted its entire patient database.

According to ABC News, Miami Family Medical Centre on the country's Gold Coast had called in a third-party contractor to try to restore the data from backups, but it remained unclear whether this would prove sufficient to return the database to its previous state.

"We're trying to work out how to pay the hackers or find someone to decrypt the information," said centre co-owner David Wood.

The centre was continuing to receive patients but Wood admitted this was proving "very, very, very difficult" without patient records.

Continued: http://news.techworld.com/security/3415635/ransom-hackers-encrypt-medical-centres-entire-database/

Australian Medical Records Encrypted, Held Ransom
Patient records held to ransom in Australia
Hackers hold Australian medical records to ransom
Latest on Police Ransomware - It Speaks!
by Carol~ Forum moderator / December 10, 2012 2:17 AM PST

From the Trendlabs Security Intelligence Malware Blog:

Yes, it does. And depending on where you are located, it can even speak in your mother tongue.

As discussed in our paper Police Ransomware Update, the people behind police Trojan/Ransomware have implemented improvements to make this threat more effective. Gone are the days when ransomware simply showed a message that users' systems are "captured" and that they have to pay a fee to have them back.

These days, this new breed of ransomware notifies users of the fee (or ransom) under the guise of the victim's local law enforcement agencies. Thus, a user with a ransomware-infected system from France will get a notification from the Gendarmerie Nationale, while a US-based one will likely receive a message from the FBI.

To level up the ante, we received a report that a new police Trojan variant even has a "voice". Detected as TROJ_REVETON.HM, it locks the infected system but instead of just showing a message, it now urges users to pay verbally. The user won't need a translator to understand what the malware is saying - it speaks the language of the country where the victim is located.
[Screenshot: Ransomware Warning Screen]

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/latest-on-police-ransomware-it-speaks/

Chinese Espionage Attacks Against Ruskies?
by Carol~ Forum moderator / December 10, 2012 2:17 AM PST

Hardly a week goes by without news of a cyber espionage attack emanating from China that is focused on extracting sensitive data from corporations and research centers in the United States. But analysis of a recent malware campaign suggests that Chinese cyberspies may be just as interested in siphoning secrets from Russian targets.

Researchers at Milpitas, Calif.-based security firm FireEye say they spotted an email attack of apparent Chinese origin that used Russian language lures to steal data from mostly Russian victims. The email malware campaign embedded a Microsoft Word exploit that displayed a decoy document containing news about a meeting of ASEAN, the Association of Southeast Asian Nations.

According to FireEye's Alex Lanstein, this campaign had its control infrastructure in Korea and Japan, but clues point to Chinese design and operation. The malicious Word document sample that kicked this off was authored from a Microsoft Windows system that was set to use the language pack "Windows Simplified Chinese (PRC, Singapore)". The researchers also say they were able to gain access to the control server used in the attack, which revealed systems logging in from China to check on new victims.

Continued: http://krebsonsecurity.com/2012/12/chinese-espionage-attacks-against-ruskies/

Botnet hidden in the Tor network
by Carol~ Forum moderator / December 10, 2012 2:17 AM PST

The Security Street blog has found a botnet client, the operator of which is hiding behind the Tor network. This trick makes the work of security experts and criminal prosecutors much more difficult. The malicious botnet software, called "Skynet", is a trojan that Security Street found on Usenet. At 15MB, the malware is relatively large and, besides junk files intended to cover up the actual purpose of the download file, includes four different components: a conventional Zeus bot, the Tor client for Windows, the CGMiner bitcoin tool and a copy of OpenCL.dll, which CGMiner needs to crack CPU and GPU hashes.

Claudio Giarnieri and Mark Schloesser write that they recently stumbled on the unusual botnet and, at first, had problems figuring out its origin, although they did notice parallels between Skynet and information posted by GData in September about a similar Tor botnet. An analysis of the client showed that it uses Tor hidden services, which were added to the Tor network to allow the use of internet services without letting their server IP addresses be tracked. This feature of the Tor network can protect whistleblowers, but it can also provide a sanctuary to botnet operators.

Continued: http://www.h-online.com/security/news/item/Botnet-hidden-in-the-Tor-network-1765530.html

Tor network used to command Skynet botnet
Researchers Discover Botnet Powered by TOR

Beware of Bitcoin miner posing as Trend Micro AV
by Carol~ Forum moderator / December 10, 2012 2:17 AM PST

Malware almost always comes in disguise, but some malware peddlers try to do a better job than others.

Trend Micro researchers have recently uncovered a piece of malware that tried to pass itself off as "Trend Micro AntiVirus Plus AntiSpyware": [Screenshot]

Unfortunately for those who get fooled, the software in question is a Trojan that creates the process svchost.exe and downloads additional malicious components such as a Bitcoin miner application created by Ufasoft. This particular application will, unbeknownst to the victim, use the infected system's resources to create Bitcoins for the people behind this scheme.

"This attack is timely because of the news that Bitcoin Central has been approved by the law to function as a bank where exchange from Euro and Bitcoins are now possible," the researchers noted.

It is, therefore, likely that we'll soon see an uptick in Bitcoin-mining malware.

As always, users are advised to avoid downloading software from unknown websites and following links embedded in unsolicited emails.


Team Ghostshell Allegedly Dumps 1.6 M Aerospace, Nanotechnology Records
by Carol~ Forum moderator / December 10, 2012 3:46 AM PST

Hacktivist collective Team Ghostshell is claiming this morning to have spilled 1.6 million accounts from a handful of companies in the aerospace, nanotechnology, banking, law, education and government realm, a hack the group deems Project White Fox.

The group claims White Fox is its "final stand" this year in a lengthy diatribe posted to Pastebin. The post goes on about internet freedom, espionage and trolling before addressing the actual leak.

The leaked information was purportedly taken from the European Space Agency, NASA's Center for Advance Engineering and Bigelow Aerospace, along with about a dozen other companies. The divulged data appears to be a dump of names, passwords (some hashed, some plain text), resumes, admin logins, phone numbers and e-mail addresses, among other bits of information.

The group goes on to boast that it also sent a series of e-mails detailing vulnerable servers and general security flaws to the Washington and Seattle divisions of the FBI, ICS-CERT, and the Homeland Security Information Network, to name a few.

Continued: https://threatpost.com/en_us/blogs/team-ghostshell-allegedly-dumps-16-m-aerospace-nanotechnology-records-121012

Team GhostShell leaks 1.6M account details
GhostShell Hackers Leak 1.6 Million Records from over 30 High-Profile Sites
'Jacked frost' Facebook scam goes wild and doubles over the weekend
by Carol~ Forum moderator / December 10, 2012 3:46 AM PST

From the Websense Security Labs Blog:

Last week we wrote a blog about a specific Facebook scam that appeared to spread rather aggressively. We have decided to nickname the scam "Jacked Frost." The Websense ThreatSeeker network detected that the scam has increased and multiplied over the weekend, particularly on Saturday, when we saw the number of unique URLs related to this scam double. This shows how cyber crooks time their attacks to periods when users are more laid back and when the security community is less likely to alert users to this type of threat.

Here is the link to our blog that describes this in more detail. The scam spreads using click-jacking techniques and employs a mass number of varied scam hosts by using the infrastructure of the legitimate service at freedns.afraid.org.

A graph showing the volume of unique scam URLs vs. active URLs (available URLs) over the past few days: [Screenshot]

Screenshot of the scam's main page: [Screenshot]

Continued: http://community.websense.com/blogs/securitylabs/archive/2012/12/10/jackfrost-facebook-scam-going-wild-and-doubles-over-the-weekend.aspx
Only 15% of known malware caught by Android 4.2's verifier
by Carol~ Forum moderator / December 10, 2012 3:46 AM PST

One of the enhancements in Android 4.2 was a new app verification service that tested applications being installed against a Google service in the cloud to see whether the app was known to contain malware or not. If the results of Xuxian Jiang's research are correct, Google will need to do a lot more work on the feature to make it useful, as only 15 per cent of the known malware samples tested on the service were detected.

Jiang, an associate professor at NC State University, took Nexus 10 tablets running Android 4.2 and, using semi-automated installations, loaded 1260 malware samples from the Android Malware Genome Project onto the devices. Of the 1260 samples, only 193 were detected as malware. The researcher also performed a test comparing Google's verification against a range of ten different existing anti-virus applications through VirusTotal, looking at randomly selected malware samples from each malware family. The anti-virus applications run by VirusTotal ranged in efficacy from 100% to 51%, but the Android App verification system scored only 20.4%. VirusTotal was acquired by Google in September 2012.

Continued: http://www.h-online.com/security/news/item/Only-15-of-known-malware-caught-by-Android-4-2-s-verifier-1765724.html

Complaint from BBB really contains malware attack
by Carol~ Forum moderator / December 10, 2012 3:46 AM PST

The Better Business Bureau (BBB) is well known in North America for championing consumer rights, so if you run a company in the United States or Canada and receive a complaint from the organisation chances are that you will want to take it seriously.

Which is precisely what the cybercriminals behind the latest malware attack being spammed around the world are banking on.

Email messages have been sent to addresses around the world, posing as a communication from the BBB.

Here's a typical example: [Screenshot]

Here is the full text of the message:

Continued: http://nakedsecurity.sophos.com/2012/12/10/better-business-bureau-malware/

Aramco Says Cyberattack Was Aimed at Production
by Carol~ Forum moderator / December 10, 2012 4:05 AM PST

Saudi Arabia's national oil company, Aramco, said on Sunday that a cyberattack against it in August that damaged some 30,000 computers was aimed at stopping oil and gas production in Saudi Arabia, the biggest exporter in the Organization of the Petroleum Exporting Countries.

The attack on Saudi Aramco — which supplies a tenth of the world's oil — failed to disrupt production, but was one of the most destructive hacker strikes against a single business.

"The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals," Abdullah al-Saadan, Aramco's vice president for corporate planning, said on Al Ekhbariya television. It was Aramco's first comments on the apparent aim of the attack.

Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying that their motives were political and that the virus gave them access to documents from Aramco's computers, which they threatened to release. No documents have yet been published.

Continued: http://www.nytimes.com/2012/12/10/business/global/saudi-aramco-says-hackers-took-aim-at-its-production.html

Saudi Aramco: Insiders Didn't Help Hackers Breach Our Systems
Saudi Aramco: Foreign hackers tried to cork our gas output

John McAfee: Let me go to the USA - or old Blighty
by Carol~ Forum moderator / December 10, 2012 4:05 AM PST

Former anti-virus mogul turned fugitive John McAfee has appealed to be allowed to return to the United States rather than deported from Guatemala to Belize.

Authorities in Belize want to question McAfee as a person of interest in the murder of his neighbour, Gregory Faull. McAfee went into hiding with his 20-year-old girlfriend Samantha following the start of investigations into Faull's murder on 11 November.

McAfee became the target of a bizarre and highly publicised manhunt over the subsequent three weeks before finally surfacing in neighbouring Guatemala, where he was arrested for illegal entry to the country. McAfee's location just before his arrest was spilled by the metadata embedded in a photo published by the online lifestyle mag Vice. Reporters from Vice were travelling with McAfee around the time he crossed the border into Guatemala.

His arrest last week failed to dampen McAfee's spirits. He was given access to a computer and an internet connection, allowing him to update followers of his blog (which he started on the run) with his assessments that the local jails were better than those in Belize and the coffee was "excellent". McAfee requested asylum in Guatemala, but the request was turned down by Guatemala's foreign minister; however, a judge granted a stay of execution against deportation. McAfee was subsequently rushed to hospital with what at first appeared to be a minor heart attack but turned out to be only the result of the 67-year-old losing consciousness due to dehydration and ill-advised chain smoking, during which he fell against a wall and further injured himself.

Continued: http://www.theregister.co.uk/2012/12/10/john_mcafee_bizarre_press_conference/

Related: John McAfee Hosts Press Conference from Guatemala - Video
