Spyware, Viruses, & Security forum

Alert

NEWS - July 26, 2013

by Carol~ Forum moderator / July 25, 2013 11:59 PM PDT
Hacker Ring Stole 160 Million Credit Cards

U.S. federal authorities have indicted five men — four Russians and a Ukrainian - for allegedly perpetrating many of the biggest cybercrimes of the past decade, including the theft of more than 160 million credit card numbers from major U.S. retailers, banks and card processors.

The gang is thought to be responsible for the 2007 breach at credit card processor Heartland Payment Systems that exposed some 130 million card numbers, as well as the 2011 breach at Global Payments that involved nearly a million accounts and cost the company almost $100 million.

Federal prosecutors in New York today called the case the largest hacking scheme ever prosecuted in the U.S. Justice Department officials said the men were part of a gang run by Albert "Soupnazi" Gonzalez, a hacker arrested in 2008 who is currently serving a 20-year-prison sentence for his role in many of the breaches, including the theft of some 90 million credit cards from retailer TJX.

Continued : http://krebsonsecurity.com/2013/07/hacker-ring-stole-160-million-credit-cards/

Also:
"NASDAQ is owned." Five men charged in largest financial hack ever
Hacking Ring Charged After Massive Losses, Attacks on NASDAQ, Visa, Others
U.S. Says Ring Stole 160 Million Credit Card Numbers
List of businesses targeted by global hacking ring that stole credit, debit card numbers
Post a reply
Discussion is locked
You are posting a reply to: NEWS - July 26, 2013
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - July 26, 2013
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
DHS to Launch Cybersecurity Marketplace
by Carol~ Forum moderator / July 26, 2013 12:23 AM PDT
In reply to: NEWS - July 26, 2013

Dozens of companies are vying for contracts to be part of the Department of Homeland Security's new shopping hub where federal, state, and local agencies can buy services to protect their computer networks, according to a Bloomberg BusinessWeek report.

As many as five companies will be awarded contracts by the General Services Administration, BusinessWeek reported on Tuesday. The $6 billion figure is the maximum value of those contracts, which can be as long as five years. BusinessWeek has confirmed major defense and government contractors Northrop Grumman, Lockheed Martin, SAIC, and Computer Sciences Corp. have also submitted bids.

"We're not talking about buying pencils; we're talking about an advanced technology architecture system," Michael Carpenter, president of U.S. sales for McAfee, told Bloomberg BusinessWeek. McAfee is one of the companies interested in being part of the program.

Continued : http://www.securityweek.com/dhs-launch-cybersecurity-marketplace

Also:
DHS to set up "cybersecurity shop" for govt agencies
DHS to set up $6 billion one-stop security shop for government agencies

Collapse -
Spanish train disaster exploited by sick malware authors
by Carol~ Forum moderator / July 26, 2013 12:23 AM PDT
In reply to: NEWS - July 26, 2013

I warned in my last article about the CNN Breaking News malware attacks, that are exploiting news stories about the royal baby and other topics, but the latest incarnation of this internet attack really sends a chill down the spine.

Spam messages have been sent out about the horrific inter-city train derailment, near Santiago de Compostela in in the North West of Spain, claiming to be a breaking news report from CNN.

Here's what the messages can look like, with content clearly lifted from a real CNN online report: [Screenshot]

The text of the message reads as follows:

Continued : http://grahamcluley.com/2013/07/spanish-train-disaster-malware/

Collapse -
Haunted by the Ghosts of ZeuS & DNSChanger
by Carol~ Forum moderator / July 26, 2013 12:48 AM PDT
In reply to: NEWS - July 26, 2013

One of the challenges in malware research is separating the truly novel innovations in malcoding from new nasties that merely include nominal or superficial tweaks. This dynamic holds true for both malware researchers and purveyors, albeit for different reasons. Researchers wish to avoid being labeled alarmist in calling special attention to what appears to be an emerging threat that turns out to be old news; the bad guys just want to avoid getting scammed into paying for an old malware kit dressed up as the new next big thing.

On Tuesday, RSA Security somewhat breathlessly announced that it had spotted KINS, a ZeuS Trojan variant that looked like "a new professional-grade banking Trojan" that was likely to emerge as the "next Trojan epiphany" in the cybercrime underground. RSA said the emergence of KINS was notable because the reigning ZeuS Trojan derivative - the Citadel Trojan — had long ago been taken off the market, and that crooks were anxiously awaiting the development and sale of a new botnet creation kit based on the leaked ZeuS source code.

Continued : http://krebsonsecurity.com/2013/07/haunted-by-the-ghosts-of-zeus-dnschanger/

Related:
KINS Banking Trojan a Successor to Citadel?
Banking trojan KINS resembles architecture of Zeus, targets Windows users
Raid millions of bank accounts. New easy-to-use tool. Yours for $5,000
Move Over Zeus: KINS Banking Trojan Looks to Be the Next Great Financial Crimeware

Collapse -
More Royal Baby Malware Spam: "Perfect gift for royal baby...
by Carol~ Forum moderator / July 26, 2013 12:48 AM PDT
In reply to: NEWS - July 26, 2013
...a tree?"

From the ThreatTrack Security Labs Blog:

More Royal Baby Malware, hot on the heels of the first attempt.

This piece of spam is mashing up a combination of two CNN video stories involving President Obama and, er, trees. [Screenshot]

Subject: "Perfect gift for royal baby...a tree?" - BreakingNews CNN

Body:

Washington (CNN)— What will the Obamas get the royal wee one? Sources say it's a topic under discussion in the White House and at the State Department.

No baby buggy will do. The president and first lady must find a special gift to honor the special relationship between the United States and the United Kingdom.

Kate and William bring home royal baby boy


Rogue URLs:

Continued : http://www.threattracksecurity.com/it-blog/more-royal-baby-malware-spam-perfect-gift-for-royal-baby-a-tree/
Collapse -
BBB Warns: Beware Royal Baby Scams
by Carol~ Forum moderator / July 26, 2013 5:33 AM PDT

With the new royal baby making headlines, BBB expects to see scammers taking advantage of the public's eagerness to see photos of the newborn prince.

BBB warns, be careful when searching Google for news about the royal baby. Scam artists use fake websites to corrupt your computer.

On Facebook, you may see a friend likes an "exclusive" video of the new royal baby. Curious, you click on the link. You are taken to a 3rd party website, where a pop up appears prompting you to "update your video player" before you can view the clip. You click "Ok." However, when you download the file, you aren't updating your software. You are downloading a virus that scans your machine for banking and other personal information. Similar scams can be found on Twitter and other social media.

Scam artists also prey on victims through "phishing" emails that promise "exclusive videos." The link in the email takes you to a 3rd party website that asks for your personal information.

Take the following steps to protect yourself:

Continued : http://louisville.bbb.org/article/BBB-Warns-Beware-of-Royal-Baby-Scams-43058

Collapse -
When Car Hacking Turns Your Vehicle into a Video Game
by Carol~ Forum moderator / July 26, 2013 2:33 AM PDT
In reply to: NEWS - July 26, 2013

Symantec Security Response Blog:

Modern cars contain a lot of nifty electronic gadgets, as well as more than one kilometer of cable wired to all kinds of sensors, processing units, and electronic control units. The cars themselves have become large computers, and as history shows, wherever there is a computer, there is someone trying to attack it. Over the past few years various studies have been conducted on how feasible it would be to attack a car through its onboard network. Most researchers focused on attacks with full physical access to the car, but some also explored external attack vectors.

If attackers have physical access to a car they can, for example, access the Controller Area Network (CAN) or the On-Board Diagnostic (OBD) system, but they can also perform other dangerous actions, such as physically tampering with the brakes or stealing the car. Digitally tampering with a car, on the other hand, might be much more difficult to prove after an accident. Such attacks could potentially be combined with other attacks that allow for a remote code execution and should be taken as a demonstration of payloads.

Continued : http://www.symantec.com/connect/blogs/when-car-hacking-turns-your-vehicle-video-game

Related: Car-hacking Researchers Hope to Wake up Auto Industry

Collapse -
Hacking Cars, Subverting Onboard Computers in Modern Vehicle
by Carol~ Forum moderator / July 26, 2013 5:33 AM PDT

"Malwarebytes Unpacked" Blog:

There is a fascinating presentation due to be given at Defcon21, by Charlie Miller, of Twitter, and Chris Valasek, of IOACTIVE. They have received a grant from DARPA , The Defense Advanced Research Agency, to perform research on "hacking cars."

As motor vehicles advance technologically, they incorporate more and more computers. So far, the threat of them being hacked has largely been ignored, as they have been seen as "stand alone" systems. There is a trend to increase vehicle connectivity, and with this comes the potential risks of vehicles falling prey to malicious software. Suddenly, the glowing magnet devices of the latest iteration of the "Fast and Furious" franchise, that caused the hero's cars to careen through buildings uncontrollably, do not seem all that far fetched.

I personally liked that it was used as an excuse to showcase awesome classic cars, on account of them not having onboard computers, but hey, I'm also a car guy.

Many cars have systems such as OnStar, a cellular enabled roadside assistance service offered in some GM vehicles. Concerns have been raised on possible use of this system as a surveillance tool, something Onstar says isn't possible. Their terms of service do say they retain the GPS data, and may sell it to third parties, after "anonymizing" it. I'm curious how you could anonymize this GPS data. I park my car in my driveway. The capabilities of these types of systems, such as unlocking doors, and turning the engine off, if done with a malicious intent are a sobering thought.

Continued : http://blog.malwarebytes.org/news/2013/07/hacking-cars-subverting-onboard-computers-in-modern-vehicles/#

Collapse -
Poker player who won $1.5M charged with running Android
by Carol~ Forum moderator / July 26, 2013 2:34 AM PDT
In reply to: NEWS - July 26, 2013
Poker player who won $1.5 million charged with running Android malware ring

A man who has won about $1.5 million in poker tournaments has been arrested and charged with running an operation that combined spam, Android malware, and a fake dating website to scam victims out of $3.9 million, according to Symantec.

Symantec worked with investigators from the Chiba Prefectural Police in Japan, who earlier this week "arrested nine individuals for distributing spam that included e-mails with links to download Android.Enesoluty—a malware used to collect contact details stored on the owner's device," Symantec wrote in its blog.

Android.Enesoluty is a Trojan distributed as an Android application file. It steals information and sends it to computers run by hackers. It was discovered by security researchers in September 2012.

The suspect flagged as the "main player running the operation" is 50-year-old Masaaki Kagawa of Tokyo, president of an IT firm named Koei Planning and a poker player with success in high-stakes tournaments around the world.

Continued : http://arstechnica.com/information-technology/2013/07/poker-player-who-won-1-5-million-charged-with-running-android-malware-ring/

Related: Japanese police bust poker-playing IT boss for Android malware
Collapse -
Apple hack exploited with new phishing campaign
by Carol~ Forum moderator / July 26, 2013 2:34 AM PDT
In reply to: NEWS - July 26, 2013

" In the usual manner of scammers, new phishing emails have surfaced which take advantage of Apple's security vulnerabilities."

In order to make sure a phishing campaign works, the victim has to believe an email is legitimate. It's no surprise that the Apple security breach is the latest event to be taken advantage of.

Phishing attacks are a relatively simple way to steal data. Users click on an email they believe to be legitimate, allowing malware to be installed or submitting login details for a service, whether it be a fake bank email, service, or the Spanish lottery. Perhaps if you're particularly lucky, there is a wealthy gentlemen in Africa who wants to transfer millions of dollars to your account -- but only if you forward along some of the costs in advance, of course.

Phishing campaigns have advanced from the days of poorly-written English and laughable stories. Now, some scammers take pains to make sure the email looks legitimate, from including a PayPal logo to the typical disclaimer of a bank at the bottom. Once clicked on, users are often directed to legitimate-looking websites set up to store the credentials you input.

In a new campaign, the recent service outage of Apple's Dev Center has prompted a flood of phishing emails asking users to change their passwords -- and short as the email is, to the average user, it may be viewed as legitimate. [Screenshot]

Continued : http://www.zdnet.com/apple-hack-exploited-with-new-phishing-campaign-7000018546/

Collapse -
"FBI warning" ransomware leads to man's arrest for ..
by Carol~ Forum moderator / July 26, 2013 2:34 AM PDT
In reply to: NEWS - July 26, 2013
... child sexual abuse images

Perhaps it turns out that malware can be a good thing, after all.

21-year-old Jay Matthew Riley, of Woodbridge, Virginia, had an alarming pop-up appear on his computer a few days ago.

The warning message which was displayed on Riley's computer claimed to be from the FBI and accused him of "child pornography" crimes.

The message probably looked similar to the one below, telling Riley to pay a fine or risk being investigated. [Screenshot]

Of course, the message is fake. It's displayed by all-too-commonly encountered ransomware, which locks victims' computers and displays distressing messages about child sexual abuse in an attempt to trick computer owners into paying money.

So, what did Riley do?

Continued : http://grahamcluley.com/2013/07/fbi-ransomware-scares-man-arrest/
Collapse -
Security Vendors: Do No Harm, Heal Thyself
by Carol~ Forum moderator / July 26, 2013 4:07 AM PDT
In reply to: NEWS - July 26, 2013

Security companies would do well to build their products around the physician's code: "First, do no harm." The corollary to that oath borrows from another medical mantra: "Security vendor, heal thyself. And don't take forever to do it! "

On Thursday, Symantec quietly released security updates to fix serious vulnerabilities in its Symantec Web Gateway, a popular line of security appliances designed to help "protect organizations against multiple types of Web-borne malware." Symantec issued the updates more than five months after receiving notice of the flaws from Vienna, Austria based SEC Consult Vulnerability Lab, which said attackers could chain together several of the flaws to completely compromise the appliances.

"An attacker can get unauthorized access to the appliance and plant backdoors or access configuration files containing credentials for other systems (eg. Active Directory/LDAP credentials) which can be used in further attacks," SEC Consult warned in an advisory published in coordination with the patches from Symantec. "Since all web traffic passes through the appliance, interception of HTTP as well as the plain text form of HTTPS traffic (if SSL Deep Inspection feature in use), including sensitive information like passwords and session cookies is possible."

Continued : http://krebsonsecurity.com/2013/07/security-vendors-do-no-harm-heal-thyself/

Related: Multiple Vulnerabilities in Symantec Web Gateway

See Vulnerabilities / Fixes : Symantec Web Gateway Multiple Vulnerabilities

Collapse -
Malwarebytes Adopts Aggressive PUP Policy
by Carol~ Forum moderator / July 26, 2013 5:33 AM PDT
In reply to: NEWS - July 26, 2013

Marcin Kleczynski @ the "Malwarebytes Unpacked" Blog:

In the past, Malwarebytes Anti-Malware has detected only PUPs, or Potentially Unwanted Programs, that were mostly harmful and deceiving. Our users expected more and so we've revised our policy to include PUPs in our database that most of our users find annoying or misleading. Within the next few days, detection for many new variants will be added.

Malwarebytes feels most of our users have no knowledge that these PUPs were installed and would like them removed. Several thousand forum posts and support tickets confirm our standpoint. Ranging from difficult to uninstall applications to software that makes you opt-out, we've had enough of it all!

We invite all antivirus companies to join our fight, not only against malware, but also against unwanted and undesirable software. The only way we will make a difference is collectively.

http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/#

Popular Forums
icon
Computer Help 47,885 discussions
icon
Computer Newbies 10,322 discussions
icon
iPhones, iPods, & iPads 3,188 discussions
icon
Security 30,333 discussions
icon
TVs & Home Theaters 20,177 discussions
icon
HDTV Picture Setting 1,932 discussions
icon
Phones 15,713 discussions
icon
Windows 7 6,210 discussions
icon
Networking & Wireless 14,510 discussions

Big stars on small screens

Smosh tells CNET what it took to make it big online

Internet sensations Ian Hecox and Anthony Padilla discuss how YouTube has changed and why among all their goals, "real TV" isn't an ambition.