Spyware, Viruses, & Security forum

Alert

NEWS - March 29, 2013

by Carol~ Forum moderator / March 28, 2013 10:21 PM PDT
When spammers go to war: Behind the Spamhaus DDoS

"The story behind the 300Gb/s attack on an anti-spam organization."

Over the last ten days, a series of massive denial-of-service attacks has been aimed at Spamhaus, a not-for-profit organization that describes its purpose as "track[ing] the Internet's spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks." These attacks have grown so large—up to 300Gb/s—that the volume of traffic is threatening to bring down core Internet infrastructure.

The New York Times reported recently that the attacks came from a Dutch hosting company called CyberBunker (also known as cb3rob), which owns and operates a real military bunker and which has been targeted in the past by Spamhaus. The spokesman who the NYT interviewed, Sven Olaf Kamphuis, has since posted on his Facebook page that CyberBunker is not orchestrating the attacks. Kamphuis also claimed that NYT was plumping for sensationalism over accuracy.

Sven Olaf Kamphuis is, however, affiliated with the newly organized group "STOPhaus." STOPhaus claims that Spamhaus is "an offshore criminal network of tax circumventing self declared internet terrorists pretending to be 'spam' fighters" that is "attempt[ing] to control the internet through underhanded extortion tactics."

Continued : http://arstechnica.com/security/2013/03/when-spammers-go-to-war-behind-the-spamhaus-ddos/

Also from Ars: How Spamhaus' attackers turned DNS into a weapon of mass destruction

Related:
Was 'the biggest cyberattack in history' all just a PR stunt?
The Internet is falling? Reports of global web slowdown amidst mass cyber-attack overblown
DDoS attack against Spamhaus overhyped, says website watcher Keynote

Koch Attack: Anonymous Member Could Spend 5 Yrs behind Bars
by Carol~ Forum moderator / March 28, 2013 11:50 PM PDT
In reply to: NEWS - March 29, 2013

A 37-year-old Anonymous member faces up to five years in prison if found guilty of a DDoS attack against a multinational company, according to IT World. If convicted, he may also be forced to pay up to $500,000 in fines.

Eric J. Rosol from the US state of Wisconsin allegedly participated in the attack on a website of the Koch Industries back in February 2011. The firm is involved in several businesses, including oil and manufacturing.

At the beginning of 2011, Anonymous started to encourage attacks against the multinational for the role it allegedly played in weakening the bargaining power of trade unions.

To attack www.kochind.com, Eric Rosol used Low Orbit Ion Cannon, a popular tool written in C# that allows attackers to overload a website with requests and disrupt the servers. The Koch Industries website crashed and was temporarily unavailable.

Rosol is now charged with one count of conspiracy to damage a protected computer and another count of damaging a protected computer.

Continued : http://www.hotforsecurity.com/blog/anonymous-member-could-spend-five-years-behind-bars-in-koch-attack-5797.html

Also:
Anonymous Supporter Charged with DDoS Attack on Koch Industries
Wisconsin man charged with participating in Anonymous DDoS
Wisconsin man cuffed over Koch-blocking DDoS attack

Cash Claws, Fake Fascias & Tampered Tickets
by Carol~ Forum moderator / March 28, 2013 11:51 PM PDT
In reply to: NEWS - March 29, 2013

Credit and debit card skimmers aren't just for ATMs anymore. According to European anti-fraud experts, innovative skimming devices are turning up on everything from train ticket kiosks to parking meters and a host of other unattended payment terminals.

Recently, at least five countries reported skimming attacks against railway or transport ticket machines, according to the European ATM Security Team (EAST), a not-for-profit organization that collects data on skimming attacks. Two countries reported skimming attacks at parking machines, and three countries had skimming incidents involving point-of-sale terminals. EAST notes that Bluetooth devices increasingly are being used to transmit stolen card and PIN data wirelessly. [Screenshot]

The organization also is tracking a skimming trend reported by three countries (mainly in Latin America) in which thieves are fabricating fake ATM fascias and placing them over genuine ATMs, like the one pictured below. After entering their PIN, cardholders see an 'out-of-order' message. EAST said the fake fascias include working screens so that this type of message can be displayed. The card details are compromised by a skimming device hidden inside the fake fascia, and the PINs are captured via the built-in keypad, which overlays the real keypad underneath. [Screenshot]

Continued : http://krebsonsecurity.com/2013/03/cash-claws-fake-fascias-tampered-tickets/

Pirated software use triples - leaving PC users at risk
by Carol~ Forum moderator / March 28, 2013 11:51 PM PDT
In reply to: NEWS - March 29, 2013
.. of infection

From the ESET blog:

Use of pirated and counterfeit Windows software has tripled since 2006, according to analysts IDC - creating a fertile breeding ground for malware.

For the report, entitled 'The Dangerous World of Pirated and Counterfeit Software', IDC analysts conducted 533 tests on counterfeit software from P2P and web sources.

The tests found that counterfeit software led to infection with Trojans and malicious adware in 36% of cases. The research was commissioned and sponsored by Microsoft.

The problem afflicts business as well as consumers, thanks to employees installing their own software - with a quarter of American firms reporting that workers had done so within the past two years.

Continued : http://www.welivesecurity.com/2013/03/28/use-of-pirated-software-triples-leaving-pc-users-at-risk-of-infection/
Does your breach email notification look like a phish?
by Carol~ Forum moderator / March 28, 2013 11:51 PM PDT
In reply to: NEWS - March 29, 2013

From the SANS ISC:

With the continual cycle of systems being compromised and customer data being stolen, using email notification is a fast, easy and direct method to send out warnings and advice to the unfortunate victims. It's the one way, other than physical interaction (phone calls, personal visits while offering a warm cup of tea and a sad smile, or hiring street criers calling out the names of the afflicted in every town in the land...), that means all the right people do get notified, well, if they read their emails. It's a de facto standard for communication, so surely we've worked out how to use it properly.

One group that uses email to great success is phishers. Here at the ISC, we get plenty of phishing emails: reader-submitted and those sent directly to us, from the nonsensical, incoherent jibber-jabber to those carefully and professionally crafted. The recent Mandiant report [1 (pdf)] goes to highlighting that even the top end of attackers uses phishing emails, making awareness programmes for anyone that has an email address something that needs ticking off the to-do list one of these days.

So what has this got to do with breach notification emails? Glad you asked.

Continued : https://isc.sans.edu/diary.html?storyid=15508

Wedding-Inspired Spam Leads to Kuluoz Infection
by Carol~ Forum moderator / March 28, 2013 11:51 PM PDT
In reply to: NEWS - March 29, 2013

From ThreatTrack Security:

Weddings, no doubt, are always special. They are celebrated in more ways than one, depending on the culture, country, religious affiliation and tradition a couple belongs to or wishes to adhere to. However they are practiced, one thing is certain: the preparation and planning behind them are grueling, stressful and time consuming.

Thanks to technology and human ingenuity, wedding preparation is more manageable and a lot quicker to pull off than before. For one thing, there are services available online that cater to the soon-to-be-wedded who opt for the modern way of sending out wedding invitations in the form of e-cards.

Our researchers in the AV Labs captured a malicious spam appearing to be a wedding invitation purportedly from White Wedding Agency, a business entity in Prague: [Screenshot]

Continued : http://www.threattracksecurity.com/it-blog/wedding-inspired-spam-leads-to-kuluoz-infection/

From ESET: Don't save that date - bogus wedding invitations are latest spam trend

8 in 10 companies suffered web-borne attacks
by Carol~ Forum moderator / March 29, 2013 3:18 AM PDT
In reply to: NEWS - March 29, 2013

The vast majority of organizations that allow employees to freely access the Web are experiencing high rates of malware threats, including phishing attacks, spyware, keyloggers and hacked passwords, according to Webroot.

The study reveals that Web-borne attacks are impacting businesses, with the majority of them reporting significant effects in the form of increased help desk time, reduced employee productivity and disruption of business activities. To mitigate these significant business risks a properly layered defense with effective endpoint and Web security and monitoring needs to be in place.

Top-level corporate study findings:

• 8 in 10 companies experienced one or more kinds of Web-borne attacks in 2012
• 88% of Web security administrators say Web browsing is a serious malware risk
• Phishing is the most prevalent Web-borne attack, affecting 55% of companies.

Continued : http://www.net-security.org/secworld.php?id=14680

Android Malware Spreads Via IRS Spam Campaign
by Carol~ Forum moderator / March 29, 2013 3:18 AM PDT
In reply to: NEWS - March 29, 2013

Researchers at Dell SecureWorks say a multi-function piece of Android malware is spreading through a spam campaign that uses this year's tax season as part of a lure.

Known as Stels, the trojan was spotted by the Dell SecureWorks Counter Threat Unit (CTU) research team being spread by the same spam campaigns blasted out by the Cutwail botnet. Once on a device, the malware is capable of stealing a victim's contact list, sending and intercepting text messages, making phone calls and installing more malware.

According to SecureWorks, the spam campaigns attempt to trick users into clicking links that redirect users to the Blackhole exploit kit. Since the Blackhole kit is unable to exploit Android devices, the attackers are using a fake Adobe Flash Player update to trick victims into downloading and executing the Stels trojan.

"The CTU research team has observed a shift away from Android malware being distributed through alternative marketplaces (i.e., outside of the official Google Play app store)," blogged Brett Stone-Gross, senior security researcher at CTU. "In particular, attackers have been orchestrating spam campaigns to distribute Android malware such as the NotCompatible and Stels trojans. Stels uses lures such as fake email messages from the U.S. Internal Revenue Service (IRS) and recommendations from a 'friend.'"

Continued: http://www.securityweek.com/android-malware-spreads-irs-spam-campaign

Phishing Campaign Using Military, Illicit Attachments
by Carol~ Forum moderator / March 29, 2013 3:18 AM PDT
In reply to: NEWS - March 29, 2013

Look out for email attachments offering better sex tips and news about newly developed Chinese stealth frigates, because they are loaded with malware, according to a Securelist report written by Kaspersky Lab expert, Ben Godwood.

The malware is fairly old and not particularly advanced, but a lot of it has been trying to pass through the Kaspersky security network lately and on a very regular basis. Godwood advises that you just don't open attached documents with titles like: "EAT FOR BETTER SEX.doc," "How to last longer in bed.doc," "6 Awkward Sex Moments, Defused.doc," "9 ways to have better, hotter, and more memorable sex.doc," and "10 Ways to Get More Sex.doc."

You'll also want to avoid these potentially fascinating attachments: "Stealth Frigate.doc," "The BrahMos Missile.doc," and "How DRDO failed India's military.doc"

There is also a third category of malicious documents with roughly the same subjects, but written in Cyrillic characters:

Continued : https://threatpost.com/en_us/blogs/phishing-sex-tips-and-naval-hardware-specs-032913

A Peek At The Future Of Botnet Evolution
by Carol~ Forum moderator / March 29, 2013 3:18 AM PDT
In reply to: NEWS - March 29, 2013

Botnets weren't always malicious. According to a report by Symantec called The Evolution of IRC Bots (pdf), botnets were originally designed to automate basic tasks on IRC and allowed IRC operators to link instances of the bot together and manage its power. Eventually, botnets were used to perform DoS attacks and other malicious activities as computer users realized the potential collective power botnets had.

According to Richard Henderson, a security strategist and threat researcher for Fortinet's Fortiguard Labs, botnet authors are "leveraging real-world business models in order to expand their presence online." Writing code for botnets has become their full-time job. Authors watch closely when vendors patch a vulnerability. As soon as the patch details are released, they update their code to infect computers that haven't been updated yet. Botnet authors will also hire groups of affiliates in order to spread malware and generate revenue using different methods.

Mobile Botnets on the Rise

Continued: http://securitywatch.pcmag.com/none/309491-a-peek-at-the-future-of-botnet-evolution

Critical Flaw in Bind9 Software Can Kill DNS Servers
by Carol~ Forum moderator / March 29, 2013 6:19 AM PDT
In reply to: NEWS - March 29, 2013

A freshly-discovered flaw in the Berkeley Internet Name Daemon (BIND) could allow an attacker to bring the DNS server to a grinding halt through the use of regular expressions.

The vulnerability is known as CVE-2013-2266 and affects Linux and Unix versions of BIND from 9.7.x, 9.8.0 to 9.8.5b1 and 9.9.0 to 9.9.3b1, but not similar versions running on Windows. When successfully exploited, the named process starts eating up computer memory until it runs out and the system crashes, along with other services running on the same server.

"Programs using the libdns library from affected versions of BIND are also potentially vulnerable to exploitation of this bug if they can be forced to accept input which triggers the condition. Tools which are linked against libdns (e.g. dig) should also be rebuilt or upgraded, even if named is not being used," reads the advisory posted by the Internet Systems Consortium.

Continued : http://www.hotforsecurity.com/blog/critical-flaw-in-bind9-software-can-kill-dns-servers-5806.html

Also:
Critical Flaw Threatens Millions of BIND Servers
Critical vulnerability in BIND 9 regular expression handling

Sprint, Softbank to shun China's networking equipment
by Carol~ Forum moderator / March 29, 2013 6:19 AM PDT
In reply to: NEWS - March 29, 2013

"National security fears lead to restrictions on proposed merger."

Sprint Nextel and its new owner will limit their use of technology made by Chinese companies, and allow US national security officials to monitor changes to their equipment. The pending agreement will help them gain US approval of SoftBank's $20 billion acquisition of Sprint.

US officials have accused Chinese firms Huawei and ZTE of having close ties with the Chinese government and military. They claim the companies' equipment raises the threat of "cyber-espionage" or attacks on US communications networks, although a White House review last year found no clear evidence that Huawei spied for China.

The New York Times last night quoted anonymous government officials as saying that Sprint Nextel and the Japanese SoftBank "are expected to enter an agreement with American law enforcement officials that will restrict the combined company's ability to pick suppliers for its telecommunications equipment and systems." Further, "The agreement would allow national security officials to monitor changes to the company's system of routers, servers and switches, among other equipment and processes, the officials said. It would also let them keep a close watch on the extent to which Sprint and SoftBank use equipment from Chinese manufacturers, particularly Huawei Technologies."

Continued : http://arstechnica.com/security/2013/03/sprint-softbank-to-shun-chinese-networking-equipment/

Also:
Sprint and SoftBank promise not to use Chinese networking equipment, says lawmaker
Sprint and SoftBank vow to drop Huawei equipment
