The Scrap Value of a Hacked PC, Revisited
A few years back, when I was a reporter at The Washington Post, I put together a chart listing the various ways that miscreants can monetize hacked PCs. The project was designed to explain simply and visually to the sort of computer user who can't begin to fathom why miscreants would want to hack into his PC. "I don't bank online, I don't store sensitive information on my machine! I only use it to check email. What could hackers possibly want with this hunk of junk?" are all common refrains from this type of user.
I recently updated the graphic (below) to include some of the increasingly prevalent malicious uses for hacked PCs, including hostage attacks — such as ransomware — and reputation hijacking on social networking forums. [Screenshot]
One of the ideas I tried to get across with this image is that nearly every aspect of a hacked computer and a user's online life can be and has been commoditized. If it has value and can be resold, you can be sure there is a service or product offered in the cybercriminal underground to monetize it. I haven't yet found an exception to this rule.
By way of example, consider the point-and-click tools pictured below, which are offered on several fraud forums by one enterprising young miscreant. This guy makes and markets dozens of account checking tools that are used to test the validity and status of many popular online stores and services, including Amazon, American Express, eBay, Facebook, iTunes, PayPal and Skype, to name a few.
Continued : http://krebsonsecurity.com/2012/10/the-scrap-value-of-a-hacked-pc-revisited/
eBay phishers quickly react to branding change
eBay has recently redesigned its logo, and it didn't take long for some phishers to modify their attempts to match the change: [Screenshot]
"It probably won't be long before most (if not all) phishers start using the new logo, but for the time being at least some phish attempts will be a little easier to spot for the average end-user," says GFI's Chris Boyd.
On the other hand, the phishing attempts displaying the old logo might still be very successful, as regular low-level users don't usually keep abreast of changes such as these. They might consider the pages with the new logo "obviously fake" and not fall for the scheme.
Continued : http://www.net-security.org/secworld.php?id=13767
The bottom falls out of Facebook email malware
SophosLabs has intercepted a malware attack that has been spammed out, pretending to be a notification about a Facebook friend's sexy video.
You may think that, as the emails are written in Spanish, they are unlikely to trick many non-speakers into clicking on the malicious link contained within.
However, an embedded thumbnail of a semi-naked young woman may be enough for many to venture further without thinking of the possible consequences.
I've edited the screenshot below because even after blurring and pixellating, it still looked really rather rude. Anyway, you can still see enough of the email to get the gist of what to look out for in your inbox. [Screenshot: Malicious Facebook Email]
Continued : http://nakedsecurity.sophos.com/2012/10/15/facebook-email-malware-bottom/
US Military Prepares New Rules for Cyber War: Panetta
The United States faces a growing threat of a "cyber-Pearl Harbor" and has drafted new rules for the military that would enable it to move aggressively against digital attacks, Defense Secretary Leon Panetta said late Thursday.
The amended rules of engagement underline the need to defend Defense Department computer networks, "but also to be prepared to defend the nation and our national interests against an attack in or through cyberspace," he said.
Citing a mounting cyber danger that could cripple the country's vital infrastructure, Panetta told an audience in New York: "We won't succeed in preventing a cyber attack through improved defenses alone."
"If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the president," he said.
"For these kinds of scenarios, the department has developed the capability to conduct effective operations to counter threats to our national interests."
Continued : http://www.securityweek.com/us-military-prepares-new-rules-cyber-war-panetta
U.S. Secretary of Defense Warns of Devastating Cyber Attack
US Promises Retaliation in Case of Iran-Triggered Cyberwar
State-Sponsored Malware 'Flame' Has Smaller, More Devious
[Screenshot: miniFlame Infection Stats]
Researchers have uncovered new nation-state espionage malware that has ties to two previous espionage tools known as Flame and Gauss, and that appears to be a "high-precision, surgical attack tool" targeting victims in Lebanon, Iran and elsewhere.
Researchers at Kaspersky Lab, who discovered the malware, are calling the new malware miniFlame, although the attackers who designed it called it by two other names - "SPE" and "John." MiniFlame seems to be used to gain control of and obtain increased spying capability over select computers originally infected by the Flame and Gauss spyware.
It is the fourth piece of nation-state malware discovered in the last year that appears to have been created by the same group behind Stuxnet, the groundbreaking cyberweapon that sabotaged Iran's nuclear program and is believed to have been created by the U.S. and Israeli governments. The others - all designed for espionage rather than destruction - are DuQu, Flame, and Gauss.
Continued : http://www.wired.com/threatlevel/2012/10/miniflame-espionage-tool/
Also: Precision Espionage miniFlame Malware Tied to Flame, Gauss
Oracle Patch Update to Include 109 Patches
Buckle up, Oracle administrators: 109 patches are coming your way tomorrow. Oracle's quarterly Critical Patch Update is due, and the company is releasing fixes for security vulnerabilities across most of its enterprise products, addressing a host of remotely exploitable flaws. This comes a little more than a month after exploits of a serious zero-day vulnerability in Java were reported, as well as a critical zero-day vulnerability in Java SE.
Seemingly, no product line is spared. Five patches will be released addressing security problems in Oracle Database Server, including one that is remotely exploitable over a network without the need for a username and password, Oracle said. Two of the patches address client-only installations.
Two of these vulnerabilities were reported by Application Security Inc.'s TeamSHATTER research outfit, including a remotely exploitable password cracking flaw in Oracle 11g explained in CVE-2012-3137.
"Even though Oracle closed the issue more than a year ago, they are now providing a more complete and easy-to-implement fix. According to information they have provided us, the new fix will address the vulnerability in all supported releases (126.96.36.199, 188.8.131.52 and 184.108.40.206) and will not require a Client software upgrade," said Esteban Martinez Fayo, researcher with TeamSHATTER. "The original fix that they provided one year ago was just for 220.127.116.11 and requires that all client software be upgraded to 18.104.22.168."
Continued : https://threatpost.com/en_us/blogs/oracle-patch-update-include-109-patches-101512
FBI issues mobile malware warning, specifically discusses Android, and offers safety tips
The Internet Crime Complaint Center (IC3), a task force that includes the Federal Bureau of Investigation (FBI), the National White Collar Crime Center (NW3C), and the Bureau of Justice Assistance (BJA), issued a mobile malware warning late last week. The group also outlined a bunch of steps that mobile users should follow to stay protected.
The warning is a poor one for a few reasons. First of all, it came out on a Friday, and doesn't follow any particular threat outbreak. Secondly, the title doesn't list Android specifically (Smartphone Users Should Be Aware of Malware Targeting Mobile Devices and Safety Measures to Help Avoid Compromise) and yet the introduction states "The IC3 has been made aware of various malware attacking Android operating systems for mobile devices."
The poor choice of examples doesn't help. "Some of the latest known versions of this type of malware are Loozfon and FinFisher," the IC3 goes on to say. The first pick is odd because it is hardly a big threat and the second is even weirder because it doesn't just target Android.
Continued : http://thenextweb.com/google/2012/10/15/fbi-issues-mobile-malware-warning-specifically-discusses-android-and-offers-safety-tips/
Reading someone's Gmail doesn't violate federal statute, court finds
SC court says Gmail not "electronic storage" by Stored Communications Act.
In a case decided on Wednesday, the South Carolina Supreme Court ruled that accessing someone's online e-mail without their permission doesn't violate the 1986-era Stored Communications Act (SCA). Though they differed in their reasoning, the justices were unanimous in ruling that e-mail stored in the cloud (like Gmail or Yahoo Mail) does not meet the definition of electronic storage as written in the statute.
This new decision creates a split with existing case law (Theofel v. Farey-Jones), a 2004 case decided by the Ninth Circuit Court of Appeals. That decision found that an e-mail message that was received, read, and left on a server (rather than being deleted) did constitute storage "for purposes of backup protection," and therefore was also defined as being kept in "electronic storage."
Legal scholars point to this judicial split as yet another reason why the Supreme Court (and/or Congress) should take up the issue of the Stored Communications Act.
"This [South Carolina] decision is more evidence of how intractable and inconsistent our statutory electronic surveillance regime has become," Woodrow Hartzog, a professor at the Cumberland School of Law at Samford University, told Ars.
Continued : http://arstechnica.com/tech-policy/2012/10/reading-someones-gmail-doesnt-violate-federal-statute-court-finds/
Hackers Claim to Have "Trolled" Oprah Winfrey, Hacked Site
A group of hackers calling itself Goatse Security claims to have breached Oprah Winfrey's official website (oprah.com). They haven't leaked any sensitive data, but that's because they claim they're not hackers, but "sophisticated trolls."
"Hello citizens of this sophisticated software known as 'internet' we're GoatseSec and we're here to tell you that we are not gone, and we are not washed up," the group introduced itself.
"Just know, we're still here, and always have been and will be, our false arrests have taken place our Domain password has been changed though, we cannot change the websites template or code into it," they added.
"Also, we're not not 'mastermind' hackers we aren't hackers period we're just adults with a weird thrill and dosage of 'lulz' in other words, we love to troll the [expletive] out of websites and their security. So with that being said we give you some parts of Oprah Winfrey's database."
The information they have published consists of database names, table names and the columns they contain.
On their Twitter account, Goatse Security have highlighted the fact that they're "not hackers." On the other hand, they have admitted to occasionally working with Anonymous.
"As we have said before, we're not Hackers. We're sophisticated trolls therefore we do not leak we speak. Understood? #GoatseSec," they wrote.
Continued : http://news.softpedia.com/news/Hackers-Claim-to-Have-Trolled-Oprah-Winfrey-Hacked-Website-299288.shtml
Beware! DHL Express malware attack appearing in inboxes
Take care folks if you're returning to your inbox today, after a weekend away. A malicious email could be lurking there - waiting to infect your computers.
SophosLabs has intercepted a widespread malware campaign that has been spammed out, disguised as a communication from DHL Express.
The emails have the subject line "Processing complete successfully", and claim to be a DHL Express Tracking Notification.
The emails look like the following (click on the image for a larger version): [Screenshot]
Attached to each of the emails is a file, DHL_Express_Processing_complete.pdf.zip, which contains malware that Sophos products detect as Troj/BredoZp-S.
If you unzip the file, and open its contents, you will be putting your Windows computer at risk of infection.
Malicious emails claiming to come from the likes of DHL, FedEx and UPS are nothing new. The reason why we continue to see malware attacks using this kind of disguise though is easy to understand - it works.
Continued : http://nakedsecurity.sophos.com/2012/10/15/dhl-express-malware/
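As an added example (not Sophos's code or anything from the original post), here is a small mail-filter check that flags messages matching the DHL campaign above: the quoted subject line and, more generally, attachments that use a deceptive document-then-archive double extension such as the DHL_Express_Processing_complete.pdf.zip file. The sample messages are constructed inline; the sender address is a placeholder.

```python
"""Flag inbound mail that looks like the DHL Express lure described above."""
from email.message import EmailMessage

# Indicators quoted in the post; everything else below is constructed for the demo.
CAMPAIGN_SUBJECT = "Processing complete successfully"
DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt")
ARCHIVE_OR_EXEC_EXTS = (".zip", ".rar", ".exe", ".scr")


def deceptive_double_extension(filename: str) -> bool:
    """True when a document-looking name is really an archive or executable,
    e.g. 'invoice.pdf.zip' or 'report.doc.exe'. A plain 'archive.zip' is not flagged."""
    name = filename.lower()
    for outer in ARCHIVE_OR_EXEC_EXTS:
        if name.endswith(outer):
            stem = name[: -len(outer)]
            return stem.endswith(DOC_EXTS)
    return False


def assess(msg: EmailMessage) -> list:
    """Return the reasons a message matches the campaign (empty list = clean)."""
    reasons = []
    subject = (msg["Subject"] or "").strip()
    if subject.lower() == CAMPAIGN_SUBJECT.lower():
        reasons.append("subject matches known DHL campaign")
    # iter_attachments() yields nothing for a single-part message.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if deceptive_double_extension(name):
            reasons.append("deceptive double extension: " + name)
    return reasons


def build_message(subject: str, attachment: str = "") -> EmailMessage:
    """Construct a sample message (test data, not a real capture)."""
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"  # placeholder sender
    msg["Subject"] = subject
    msg.set_content("Your shipment tracking notification is attached.")
    if attachment:
        msg.add_attachment(b"PK\x03\x04constructed", maintype="application",
                           subtype="zip", filename=attachment)
    return msg


if __name__ == "__main__":
    lure = build_message(CAMPAIGN_SUBJECT, "DHL_Express_Processing_complete.pdf.zip")
    print(assess(lure))
    print(assess(build_message("Invoice for October", "invoice_october.pdf")))
```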