Chats With Accused 'Mega-D' Botnet Owner?
Recently leaked online chat records may provide the closest look yet at a Russian man awaiting trial in Wisconsin on charges of running a cybercrime machine once responsible for sending between 30 to 40 percent of the world's junk email.
Oleg Y. Nikolaenko, a 24-year-old who's been dubbed "The King of Spam," was arrested by authorities in November 2010 as he visited a car show in Las Vegas. The U.S. Justice Department alleges that Nikolaenko, using the online nickname "Docent," earned hundreds of thousands of dollars using his "Mega-D" botnet, which authorities say infected more than half a million PCs and could send over 10 billion spam messages a day. Nikolaenko has pleaded not guilty to the charges, and is slated to appear in court this week for a status conference (PDF) on his case.
The Justice Department alleges that Nikolaenko spammed on behalf of Lance Atkinson and other members of Affking, an affiliate program that marketed fly-by-night online pharmacies and knockoff designer goods. Atkinson told prosecutors that one of his two largest Russian spamming affiliates used the online moniker Docent. He also said that Docent received payment via an ePassporte account under the name "Genbucks_dcent." FBI agents later learned that the account was registered in Nikolaenko's name and address in Russia, and that the email address attached to the account was firstname.lastname@example.org.
Continued : http://krebsonsecurity.com/2011/12/chats-with-accused-mega-d-botnet-owner/#more-10106
Russian election 'cyber attack' brings down websites
Could elections in Russia have resulted in internet attacks on websites claiming that the vote was being fixed?
This weekend's vote, which saw a slump in support for the United Russia party of Prime Minister Vladimir Putin and President Dmitry Medvedev, has taken place against a backdrop of arrests, claims of election violations, and - now - website attacks.
Compromised computers around the world can be ordered to deluge a website with internet traffic, effectively clogging it up and bringing the site to its knees. The attack, known as a distributed denial-of-service (DDoS), exploits poorly-defended home PCs to bombard sites with requests.
DDoS attacks have been used to blackmail websites in the past, but they are also a fairly simple way of silencing a site whose content you dislike.
Continued : http://nakedsecurity.sophos.com/2011/12/05/russian-election-cyber-attack-brings-down-websites/
Also: Anti-Kremlin websites complain of DDoS attacks
Tool to detect Carrier IQ
Bitdefender announced the availability of a new tool that identifies the presence of the controversial mobile network diagnostic tool from Carrier IQ. [Screenshot]
Dubbed Carrier IQ Finder, the tool instantly determines if the user's Android device has been equipped with the Carrier IQ tracking package, and if the device is being monitored.
"Bitdefender values users' privacy and their right to take informed decisions when entering a deal with a mobile carrier," said Alexandru Balan, senior Product Manager of the Bitdefender Mobile Unit.
"Although the manufacturer claims that only some of the information provided through the Carrier IQ application is used by the carrier, the amount of personal data the app has access to raises serious privacy concerns," he added.
Because the Carrier IQ mobile network diagnostic tool is deeply integrated with the device's firmware, the Carrier IQ Finder cannot remove it.
Continued : http://www.net-security.org/secworld.php?id=12045
Lookout releases free Carrier IQ detection app
"Sniffs out controversial software on Android smartphones, but doesn't delete it"
A mobile security software company last Friday released a tool that detects Carrier IQ, the software embedded in numerous smartphones that has raised questions from users, privacy advocates and even Congress.
Lookout, best known for the Android security software by the same name, launched the free Carrier IQ Detector last week. It can be downloaded from the Android Market.
The tool only detects the presence of Carrier IQ on Android handsets: It does not scrub the software from the smartphone.
Lookout said that Carrier IQ was "deeply integrated with handset firmware [and] users would be required to attain special device privileges in order to remove it," then warned that doing so incorrectly could "put users at further risk of malware infection" and possibly make them unable to receive future phone updates.
The release of Carrier IQ Detector followed comments from Lookout last week that it would not classify the software as malware, and questioned the label "rootkit" for the tracking and network diagnostic program.
Continued : http://www.computerworld.com/s/article/9222413/Lookout_releases_free_Carrier_IQ_detection_app
Kaspersky Dumps Anti-Piracy Group in SOPA Protest
Security vendor Kaspersky has announced it will withdraw its membership of the Business Software Alliance (BSA) over the group's support of SOPA. The Russian company, which is famous for its anti-virus products, says the pending legislation will hurt both innovation and consumers. In protest, Kaspersky will end its association with the BSA on January 1st 2012.
While the opinions of outright SOPA opponents are well documented, it came as a surprise last month when the Business Software Alliance (BSA), a former staunch supporter, published a blog post indicating it had some reservations on the pending legislation.
The BSA - which counts giants such as Microsoft, Apple, Adobe and Intel among its ranks - declared in their headline that SOPA Needs Work to Address Innovation Considerations.
Nevertheless, for BSA member and security vendor Kaspersky, it's too little, too late.
In a clear protest against SOPA, Kaspersky has announced that on January 1st 2012 it will withdraw its membership of the BSA.
"Kaspersky has not participated in drafting the bill, nor participated in the debate on SOPA, and does not support this initiative," the company said in a statement.
Continued : http://torrentfreak.com/kaspersky-dumps-anti-piracy-group-in-sopa-protest-111205/
Lawmakers Propose Alternative to Stop Online Piracy Act
A group of U.S. lawmakers has proposed an alternative to the controversial copyright enforcement legislation, the Stop Online Piracy Act, with the draft proposal giving the U.S. International Trade Commission (ITC) the authority to investigate complaints about copyright infringement on foreign websites.
The draft proposal (pdf), unveiled Friday, would allow the ITC to issue cease-and-desist orders to foreign websites that willfully engage in copyright infringement, supporters said. The ITC already investigates patent infringement complaints and can bar infringing products from being imported into the U.S.
Under the proposal, the ITC could also investigate complaints of copyright infringement by foreign websites. Owners of the websites would be invited to present their side to the ITC, and the public would be notified of investigations, as the ITC does in patent investigations. ITC rulings against websites could be appealed to a U.S. appeals court.
The Stop Online Piracy Act, or SOPA, would allow the U.S. Department of Justice and copyright holders to seek court orders blocking payment processors and online advertising networks from doing business with foreign sites accused of infringing copyright. Opponents of SOPA say the legislation lacks strong due-process protections for website owners and is broad enough to allow copyright holders to target U.S. websites with user-generated content, such as YouTube and Twitter.
Continued : http://www.pcworld.com/businesscenter/article/245419/lawmakers_propose_alternative_to_stop_online_piracy_act.html
Security holes caused by pre-installed Android apps
Researchers at North Carolina State University have discovered a number of security holes in various popular Android smartphones which can enable attackers to access or delete data, send SMS text messages, tap communication or determine a user's location. The vulnerability exists because some smartphone vendors' pre-installed apps fail to enforce Android's security model.
The researchers created a system called Woodpecker to analyse the flow of applications and used it to examine eight smartphones by four manufacturers: HTC's Wildfire S, Legend and EVO 4G, Motorola's Droid and Droid X, Samsung's Epic 4G and Google's Nexus One and Nexus S models.
In their study, entitled "Systematic Detection of Capability Leaks in Stock Android Smartphones" (PDF), the scientists said that they could find little fault in Google's reference implementations on the Nexus models, but that they were surprised to discover that some vendors' custom implementations fail to properly enforce Android's privilege-based security model. The researchers also show a proof of concept application which requests no capabilities yet is able to record audio and send text messages. [Video]
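A capability leak of the kind the paper describes is visible at the manifest level before any data-flow analysis: an app that holds a dangerous permission exposes a component (receiver, service, provider) that any other app can reach and that is not guarded by android:permission. Woodpecker goes further and confirms by flow analysis that the exposed entry point actually reaches the sensitive API; the script below is only the manifest-level triage that precedes that. It is an added example, not the researchers' tool, and the manifest and package name it scans are constructed for illustration. It assumes the pre-API-31 export rule (a component with an intent-filter is exported unless it says otherwise).

```python
"""Manifest-level triage for Android 'capability leaks': components that
other apps can reach and that are not permission-guarded, inside an app
that itself holds dangerous permissions.  Added example; the manifest
below is constructed and the package name is hypothetical."""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions whose exposure matches the paper's findings (audio, SMS,
# location, contacts); extend to taste.
SENSITIVE = {
    "android.permission.RECORD_AUDIO",
    "android.permission.SEND_SMS",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_CONTACTS",
}


def _a(elem, name):
    """Read an android:<name> attribute (attributes are namespaced, tags are not)."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def is_reachable(component):
    """Pre-API-31 rule: exported if android:exported="true", or if the
    component declares an <intent-filter> and does not say exported="false"."""
    exported = _a(component, "exported")
    if exported is not None:
        return exported.lower() == "true"
    return component.find("intent-filter") is not None


def is_guarded(component, app_default):
    """Guarded if the component (or the <application> default) sets
    android:permission; providers may instead set read+write permissions."""
    if _a(component, "permission") or app_default:
        return True
    if component.tag == "provider":
        return bool(_a(component, "readPermission") and _a(component, "writePermission"))
    return False


def find_capability_leaks(manifest_xml):
    """Return (tag, component name, sorted sensitive permissions) for each
    reachable, unguarded component of an app holding sensitive permissions."""
    root = ET.fromstring(manifest_xml)
    held = {_a(p, "name") for p in root.findall("uses-permission")}
    sensitive_held = sorted(held & SENSITIVE)
    app = root.find("application")
    if app is None or not sensitive_held:
        return []
    app_default = _a(app, "permission")
    leaks = []
    for tag in ("activity", "service", "receiver", "provider"):
        for comp in app.findall(tag):
            if is_reachable(comp) and not is_guarded(comp, app_default):
                leaks.append((tag, _a(comp, "name"), sensitive_held))
    return leaks


# Constructed manifest (hypothetical vendor app), not taken from any firmware.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.vendor.tools">
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="VendorTools">
    <receiver android:name=".SmsHelperReceiver">
      <intent-filter>
        <action android:name="com.example.vendor.SEND_TEXT"/>
      </intent-filter>
    </receiver>
    <service android:name=".AudioService" android:exported="true"
             android:permission="com.example.vendor.PRIVATE"/>
    <provider android:name=".LogProvider"
              android:authorities="com.example.vendor.logs"
              android:exported="true"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""

if __name__ == "__main__":
    for tag, name, perms in find_capability_leaks(SAMPLE_MANIFEST):
        print("%s %s reachable without a permission guard; app holds %s"
              % (tag, name, ", ".join(perms)))
```

The receiver is flagged because its intent-filter makes it exported and nothing guards it; the provider is flagged because it is explicitly exported with no read/write permission; the guarded service and the non-exported activity pass. A flagged component is a candidate, not a confirmed leak, until you show (as Woodpecker does) that the entry point actually invokes the protected API.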
Continued : http://www.h-online.com/security/news/item/Security-holes-caused-by-pre-installed-Android-apps-1389747.html
Facebook chat worm continues to spread
Last week Naked Security warned of a Facebook worm that was spreading on the social network, tricking users into believing that they were clicking on a link to an image.
The bad news is that the attack still appears to be spreading via Facebook's chat system, exploiting compromised users' accounts.
An analysis by SophosLabs has identified that malware designed to install the Dorkbot worm onto users' computers is being spread via Facebook chat. And, for now at least, Facebook's built-in security systems are not preventing it. [Screenshot]
It wasn't the Facebook friend you are chatting with who sent that message, it was the Dorkbot malware instead. The link may appear - on casual observation - to point to Facebook.com, but in reality it goes to a third-party website.
Although an unsuspecting user may believe that they are clicking on a link to a JPG image, the truth is that they are downloading an executable file that attempts to download further code (another piece of malware) from the net and drops a .BAT batch file onto infected computers.
The ultimate aim of all this malicious activity is to install the Dorkbot malware onto your Windows computer.
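The lure above has two tells that can be checked mechanically: the text the user sees names facebook.com while the hyperlink goes somewhere else, and the download that calls itself a JPG begins with a PE header rather than JPEG magic. The script below, an added example that is not part of the Sophos analysis, applies both checks to constructed chat messages and byte strings (the host 198.51.100.7 and the filenames are made up for illustration).

```python
"""Triage the two tells of the chat lure described above: a link whose
visible text names one site while its href goes to another, and a download
that claims to be an image but starts with a PE header.  Added example with
constructed messages and byte strings, not data from the Sophos write-up."""
import re
from urllib.parse import urlparse

HOST_RE = re.compile(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", re.I)
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",), ".jpeg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",), ".gif": (b"GIF87a", b"GIF89a"),
}
PE_MAGIC = b"MZ"  # DOS stub; every Windows executable starts with it


def shown_host(text):
    """First host-like token in the text the user actually sees."""
    m = HOST_RE.search(text)
    return m.group(1).lower() if m else ""


def real_host(href):
    """Host the browser will really contact."""
    if "://" not in href:
        href = "http://" + href
    return (urlparse(href).hostname or "").lower()


def same_site(a, b):
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def link_is_deceptive(display_text, href):
    """True when the visible text names a site the link does not go to."""
    shown, real = shown_host(display_text), real_host(href)
    return bool(shown and real) and not same_site(shown, real)


def classify_payload(filename, data):
    """Compare the claimed extension with the file's leading bytes."""
    ext = "." + filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(PE_MAGIC):
        kind = "pe-executable"
    elif any(data.startswith(m) for sigs in IMAGE_MAGIC.values() for m in sigs):
        kind = "image"
    else:
        kind = "unknown"
    return {"ext": ext, "kind": kind,
            "disguised": ext in IMAGE_MAGIC and kind != "image"}


# Constructed sample data (not real captures).
CHAT_MESSAGES = [
    {"text": "haha is this you?? http://www.facebook.com/photo.php?v=1234",
     "href": "http://198.51.100.7/photo.php?v=1234"},
    {"text": "album from saturday facebook.com/album",
     "href": "https://m.facebook.com/album"},
]
DOWNLOADS = {
    "photo.jpg": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff" + b"\x00" * 50,
    "cat.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01",
}


def triage(messages=CHAT_MESSAGES, downloads=DOWNLOADS):
    """Return the alerts a chat filter or analyst would raise for the data."""
    alerts = []
    for m in messages:
        if link_is_deceptive(m["text"], m["href"]):
            alerts.append(("deceptive-link", real_host(m["href"])))
    for name, blob in downloads.items():
        verdict = classify_payload(name, blob)
        if verdict["disguised"]:
            alerts.append(("disguised-" + verdict["kind"], name))
    return alerts


if __name__ == "__main__":
    for alert in triage():
        print(*alert)
```

The magic-byte check is what matters for the second tell: the Dorkbot dropper is an executable regardless of what the filename says, and Windows will happily run it if the user double-clicks, so the extension alone is no evidence of anything.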
Continued : http://nakedsecurity.sophos.com/2011/12/05/facebook-chat-worm-continues-spread/
2012 Predictions: Looking ahead at the threat landscape
Continuing our series on threat predictions for 2012, The Tech Herald presents a list of nine things to consider in the coming years. The list was compiled by Joseph Steinberg, the CEO of Green Armor Solutions.
There will be an uptick in sophisticated, targeted cybersecurity attacks. The success of the Stuxnet virus and other targeted forms of cyberattack have shown hackers the value of such an approach.
Improved social engineering attacks. As people share an increasingly large volume of data about themselves online, and as social networking sites regularly change both their feature-sets and their privacy policies thereby causing information leaks due to resulting user errors, we will see increased targeted social engineering attacks.
In addition, criminals will leverage social information to assist them with crimes. So think twice about posting onto Facebook those photos of your family at Disneyworld until you are back home, burglars know that if you are at Disney, your home is likely empty.
Psychology will play a greater role in both attacks and defenses. Security technologies improve far more rapidly than the human mind, and people are increasingly often the weak link in the security chain. Criminals will increase their use of psychological subterfuge in launching attacks, such as through targeted phishing and it will be more important than ever to leverage psychology in defenses.
Continued : http://www.thetechherald.com/articles/2012-Predictions-Looking-ahead-at-the-threat-landscape
Carberp + BlackHole = growing fraud incidents
From the ESET Threat Blog:
In recent years there has been a tremendous increase in the Russian region in the number of sites redirecting users to the Black Hole exploit kit. In most cases, successful exploitation of a vulnerability in client software leads to the installation onto the victim's machine of either the trojan Win32/TrojanDownloader.Carberp or of Win32/Carberp (the version updated to incorporate bootkit functionality).
One of its most intriguing aspects is that distribution of the malware has been restricted to the most popular web sites for people managing finances in companies: these sites are visited several hundred thousand times a day. The statistics presented below clearly reflect an increase in Carberp detections in the Russian region during November. This trojan takes fifth place in the list of the most widely spread malware: Win32/TrojanDownloader.Carberp.AF - 1.73 %.
The number of detections of the Carberp family in general has more than tripled in November: [Screenshot: Figure 1]
The distribution model is essentially a standard approach, but what makes it interesting is the number of legitimate web resources used to deliver Carberp onto the victim's computers. The distribution scheme is shown in Figure 2. [Screenshot: Figure 2]
Based on the statistics obtained from one of the nodes hosting an active Black Hole exploit pack, the most frequently exploited vulnerabilities leading to system infection with malware are found in Java software.
Continued : http://blog.eset.com/2011/12/04/carberp-blackhole-growing-fraud-incidents
GCHQ spooks' code-breaking puzzle solved
The GCHQ-set code-breaking puzzle was solved over the weekend.
The signals intelligence agency last week set a puzzle at canyoucrackit.co.uk in its attempt to unearth potential recruits beyond its traditional graduate programme. Late last week it emerged that the successful completion page for the puzzle was available by a simple Google search.
Many people have since cracked the code properly, including Dr Gareth Owen, a computer scientist and senior lecturer at the University of Greenwich in England. Owen has posted a full video explanation of how to solve the three-part puzzle here.
Would-be code-breakers were presented with a 16x10 grid of paired hexadecimal numbers. The first stage involves recognising executable code as well as unpicking some steganography.
Stage two involves developing a virtual machine to execute code.
The final stage involves constructing a file containing 'gchqcyberwinAAAABBBBCCCC', where A, B and C are the codes recovered in the earlier stages. This file, when run, generates a web address containing the keyword; supplying the wrong A, B or C yields the wrong address.
Continued : http://www.theregister.co.uk/2011/12/05/gchq_code_breaking_puzzle_solved/
Also: Would-be spies who crack GCHQ code directed to £25,000 job vacancy
Related: British intelligence uses code puzzles for recruitment