Archive for category News

Symantec: Tapsnake Game Tracks Your Location

Symantec researchers have reported a new malicious application in the Android Market that can report a user's location in real time on Android.

Tap Snake is a version of the popular game "Snake". Its developers gave no indication that the application sends the victim's precise location to a remote server every 15 minutes, without the user's knowledge.

According to Symantec, the developers describe the application as follows:

“Download and install the free Tap Snake game app from the Market to the phone you want to spy on. Press MENU and register the app to enable the service. Use the GPS Spy app with the registered email/key on your own phone to track the location of the other phone. Shows the last 24 hours of trace in 15 min increments.”

The Trojan uploads the GPS data every 15 minutes to an application running on Google's free App Engine service. GPS Spy then downloads the data from that service and displays it as location points on Google Maps.
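A fixed 15-minute upload cadence is exactly the kind of pattern a network log gives away. The following is an added example (not code from the post or from Symantec) of periodic-beacon detection over a constructed connection log from one phone; the destination name and the log format are assumptions made for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connections from one phone, one per line:
# "timestamp src-ip destination port".  The spy destination name is made up.
SAMPLE_LOG = """\
2010-08-16T10:00:03 10.0.0.7 spy-collector-example.appspot.com 443
2010-08-16T10:02:11 10.0.0.7 www.google.com 80
2010-08-16T10:15:04 10.0.0.7 spy-collector-example.appspot.com 443
2010-08-16T10:20:40 10.0.0.7 m.youtube.com 80
2010-08-16T10:30:02 10.0.0.7 spy-collector-example.appspot.com 443
2010-08-16T10:45:05 10.0.0.7 spy-collector-example.appspot.com 443
2010-08-16T10:51:19 10.0.0.7 www.google.com 80
2010-08-16T11:00:03 10.0.0.7 spy-collector-example.appspot.com 443
"""

def parse_log(text):
    """Return (timestamp, src, dst, port) tuples, skipping blank lines."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return rows

def find_beacons(rows, min_events=4, max_jitter=0.10):
    """Group connections by (src, dst) and flag any series whose inter-arrival
    times are nearly constant.  Returns {(src, dst): period_in_seconds}.
    max_jitter is the allowed ratio of standard deviation to mean gap."""
    by_pair = defaultdict(list)
    for ts, src, dst, _port in rows:
        by_pair[(src, dst)].append(ts)
    beacons = {}
    for pair, times in by_pair.items():
        if len(times) < min_events:
            continue                      # too few samples to call it periodic
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period > 0 and pstdev(gaps) / period <= max_jitter:
            beacons[pair] = period
    return beacons

if __name__ == "__main__":
    for (src, dst), period in find_beacons(parse_log(SAMPLE_LOG)).items():
        print("%s -> %s beacons every %.0f s" % (src, dst, period))
```

On the sample the spy destination is flagged with a period of about 900 seconds, while the ordinary browsing hosts are not (too few events, irregular gaps). Real telemetry will need a looser jitter bound and a whitelist of known periodic services (mail polling, updates), but the shape of the check is the same.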

For Tapsnake to work, the attacker needs physical access to the target phone, which is not trivial, and the Android installer lists the permissions an application requests, which is a useful safeguard: a Snake clone asking for location access should raise suspicion.

The best protection is to be careful when installing any third-party application on a mobile device and to read the permissions it asks for.


DDoS Attack Target DNS Made Easy

DNS Made Easy has restored its online services after a distributed denial of service attack last Saturday. The reported size of the DDoS was about 50 Gb/s.

The attackers' identity and motives have not been clarified yet, but specialists assume that a major botnet was hired to conduct the attack.

In an official statement the company says that services were disrupted for 1.5 hours by an attack that lasted eight hours, and that Level3, GlobalCrossing, Tinet, Tata and Deutsche Telekom helped reduce its effect.

This is the most serious DDoS attack recorded in at least the last 18 months. You can follow the latest news at http://twitter.com/DNSMadeEasy

Meanwhile, see Universal Tips to Avoid DDoS Attack.


Zeus Grabbing Kaspersky’s Digital Signatures

Trend Micro threat researchers have reported detecting several malicious web files carrying a strange digital signature that appears to come from the antivirus company Kaspersky.

After analyzing the files and their signatures, a clear difference between the legitimate signature and the fake one emerged: the fake copy carries wrong hash values, and the signature has expired. A signature whose embedded hash does not match the file fails validation, which points to a signature block lifted from a genuine Kaspersky file rather than a signature made with a stolen Kaspersky key.
Further examination identified the files as malicious ZeuS (ZBOT) variants, detected as TSPY_ZBOT.BWP, TROJ_ZBOT.BYM and TROJ_ZBOT.KJT.

This is not the first time criminals have used certificates to sign malware. Stuxnet was also signed, with a certificate from Realtek Semiconductor Corp. that was later swapped for one from JMicron Technology; in that case the signatures were valid because the signing keys themselves had been stolen, unlike the copied signature seen here.

Trend Micro has notified Kaspersky Lab about the incident; you can read more about Zeus here.


WPA2 Might Be Spoofed!

WPA2 (Wi-Fi Protected Access version 2) is the second version of a set of algorithms and protocols that protect data on wireless networks. It was expected to significantly improve Wi-Fi security over earlier technologies: the standard mandates AES-based encryption (CCMP) and, in enterprise mode, 802.1X authentication.

A team of researchers has reported a vulnerability in this protocol, which is widely used as the secure standard for wireless networks. AirTight Networks said the vulnerability affects networks that follow the IEEE 802.11 standard. The first demonstration will take place at Defcon 18 this week in Las Vegas.

Hole 196 is the name of the vulnerability (after the page of the IEEE 802.11 standard that notes the limitation of the shared group key). It is a man-in-the-middle attack in which a user already authorized on the Wi-Fi network intercepts and decrypts data sent and received by others on the same network. Exploit code will reportedly be made public so that everyone can test it, while vendors and the standards bodies work on adjustments to WPA2.

Md Sohail Ahmad, who will demonstrate the attack at Defcon, says that it took about 10 lines of code in the open-source MadWiFi driver, freely available on the Internet, and an off-the-shelf client card for him to spoof the MAC address of the AP, pretending to be the gateway for outgoing traffic. Clients that receive the message see the attacker as the gateway and “respond with PTKs”, which are private and which the insider can decrypt.
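The property behind the attack is that every station on a WPA2 network holds the same group key (GTK) while each station's pairwise key (PTK) is private to it and the AP, so a GTK-protected broadcast carries no proof of who sent it. The toy model below is an added illustration, not code from the researchers and not 802.11 CCMP: HMAC-SHA256 stands in for the frame MIC, random bytes stand in for the keys, and the frame layout is invented for the example.

```python
import hashlib
import hmac
import os

# Toy model: every station on the BSS holds the same group key (GTK); each
# station also has its own pairwise key (PTK) shared only with the AP.
# HMAC-SHA256 stands in for the frame MIC.  Not 802.11 CCMP.

def mic(key: bytes, frame: bytes) -> bytes:
    return hmac.new(key, frame, hashlib.sha256).digest()

class Station:
    def __init__(self, name: str, gtk: bytes):
        self.name = name
        self.gtk = gtk               # identical on every station
        self.ptk = os.urandom(32)    # unique, known only to this station and the AP

    def send_group_frame(self, claimed_src: bytes, payload: bytes):
        """Group-addressed frame protected with the GTK.  The source address is
        just a field that any holder of the GTK can set to anything."""
        frame = b"%s|ff:ff:ff:ff:ff:ff|%s" % (claimed_src, payload)
        return frame, mic(self.gtk, frame)

    def accept_group_frame(self, frame: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mic(self.gtk, frame), tag)

    def accept_unicast_frame(self, frame: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(mic(self.ptk, frame), tag)

def hole196_demo():
    """Returns (forged_group_frame_accepted, forged_unicast_frame_accepted)."""
    gtk = os.urandom(32)
    ap_mac = b"00:11:22:33:44:55"            # assumed AP address for the model
    insider = Station("insider", gtk)        # a legitimately authenticated client
    victim = Station("victim", gtk)

    # 1. The insider claims the AP's address in a GTK-protected broadcast
    #    (e.g. an ARP reply naming itself as the gateway).  Every station
    #    verifies with the same GTK, so the victim accepts it.
    frame, tag = insider.send_group_frame(ap_mac, b"ARP reply: gateway is-at insider")
    group_ok = victim.accept_group_frame(frame, tag)

    # 2. The same insider cannot forge a unicast frame to the victim: that MIC
    #    is keyed with the victim's PTK, which the insider does not hold.
    unicast = b"%s|victim|data" % ap_mac
    unicast_ok = victim.accept_unicast_frame(unicast, mic(insider.ptk, unicast))
    return group_ok, unicast_ok

if __name__ == "__main__":
    print("forged broadcast accepted: %s, forged unicast accepted: %s" % hole196_demo())
```

The model returns `(True, False)`: the insider can inject group traffic under the AP's name but cannot forge pairwise-protected frames. The attack does not need to; once the victim believes the insider is the gateway, it addresses its unicast traffic to the insider's MAC, the AP relays it as it would any client-to-client traffic, and the insider receives it under its own PTK.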

We will be following this research, especially since every access point uses this protocol, and an update should be available before the demo to fix this vulnerability.


Hell Pizza’s Customer Database Hacked

According to Risky.Biz, an online database belonging to a pizza store chain has been compromised. It contains no credit card numbers but holds about 400 MB of customer information.

The chain currently has stores in New Zealand, England, Australia and Ireland. The customer information matters: if an attacker has the full names, addresses, phone numbers, e-mail addresses, passwords and order history, the e-mail addresses and phone numbers can feed spam lists and targeted attacks, and the passwords can be tried against the same users' other accounts.

One source Risky.Biz spoke to says they looked into the security of the website when rumours of the breach started doing the rounds:

Immediately I spotted the SQL queries being made by the Flash SWF as part of the query string to the server side. The Flash client makes queries which are hard-coded in the .swf (this is dumb, as it means SQL injection is effectively a ‘feature’ of the store).

You could easily alter the query string to show the hashes stored in the MySQL users table. I figured out the version of MySQL was 4.0 (Debian Sarge), and the hashes in this version are very weak; cracking them would take less than a couple of hours.

MySQL was listening on a remote port, so one could simply log in remotely and run queries, or dump the database slowly so as not to be noticed.

Security researcher and Metasploit creator H D Moore described the security arrangements of the online ordering portal, as described above, as “about 50 steps of fail”.

Another penetration tester says the Hell Pizza database is an excellent example of “non-critical” information that could still be used by attackers to great benefit.

Hell Pizza has now been asked to notify all customers about the breach so that they can change the affected credentials.
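The source's remark that the MySQL 4.0 hashes are "very weak" deserves a concrete check. Before 4.1, MySQL's PASSWORD() was a small unsalted mixing function producing two 31-bit words (16 hex characters), so it can be searched at millions of guesses per second on ordinary hardware. The following is an added example, not code from Risky.Biz or the pizza chain: a re-implementation of that old hash in Python plus a dictionary and a brute-force search against it. The wordlist and test passwords are made up.

```python
import itertools
import string

def mysql_old_password(password: str) -> str:
    """PASSWORD() as implemented by MySQL 3.23 and 4.0 (before 4.1):
    two 31-bit words printed as 16 hex digits, no salt."""
    nr, add, nr2 = 1345345333, 7, 0x12345671
    for byte in password.encode("latin-1"):
        if byte in (0x20, 0x09):          # spaces and tabs are skipped by design
            continue
        nr = (nr ^ ((((nr & 63) + add) * byte) + (nr << 8))) & 0xFFFFFFFF
        nr2 = (nr2 + ((nr2 << 8) ^ nr)) & 0xFFFFFFFF
        add += byte
    return "%08x%08x" % (nr & 0x7FFFFFFF, nr2 & 0x7FFFFFFF)

def crack_wordlist(target: str, words, mangle=True):
    """Dictionary attack with a few cheap mangling rules (case, digit suffix)."""
    for word in words:
        candidates = [word]
        if mangle:
            candidates += [word.capitalize(), word.upper()]
            candidates += [word + d for d in "0123456789"]
        for cand in candidates:
            if mysql_old_password(cand) == target:
                return cand
    return None

def brute_force(target: str, alphabet=string.ascii_lowercase + string.digits, max_len=4):
    """Exhaustive search over short passwords.  Cheap because the hash is a
    handful of integer operations per character and there is no salt, so one
    pass over the keyspace cracks every user at once."""
    for length in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=length):
            cand = "".join(combo)
            if mysql_old_password(cand) == target:
                return cand
    return None

if __name__ == "__main__":
    h = mysql_old_password("password")
    print(h, "->", crack_wordlist(h, ["letmein", "hell", "password"]))
```

Two things to notice: `PASSWORD('password')` is `5d2e19393cc5ef67` on every MySQL 3.23/4.0 server in the world, so a precomputed table applies everywhere; and spaces are ignored, so `'pass word'` hashes identically. MySQL 4.1 replaced this with a SHA-1-based scheme, which is still unsalted but at least not a few dozen arithmetic operations.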


Zeus baddies unleash nasty new bank Trojan


Hackers have created a new version of the Zeus crimeware toolkit designed to steal login details for Spanish, German, UK and US banks.

The malware payload, described by CA as Zeus version 3, is far more selective in the banks it targets. Previous versions targeted financial institutions around the world, while the latest variant comes in two flavours: one that only targets banks in Spain and Germany, and a second that only targets financial institutions in the UK and US.

In addition, the latest version of Zeus contains features that make it far harder for security researchers to figure out what the malware is doing: zombie drones on the Zeus botnet operate on a need-to-know basis, CA explains.

“In earlier versions, Zeus handles this configuration file in a way that security researchers can easily manage to reverse engineer and capture the actual full configuration content,” writes Zarestel Ferrer, a senior research engineer with CA’s Internet Security Business Unit.

“This is no longer the case for the latest Zeus bot version 3, which is already in the wild.

“It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.”

Command and control systems associated with the bot are “mostly hosted in Russia”, according to CA. Banks in Spain, the UK, the USA and Germany were the most targeted institutions in previous versions of the banking Trojan.

The unknown cybercrooks have tightened this focus with the latest version of the toolkit, meeting customer demand much as legitimate software developers release localised versions of their tools in key geographical markets.

[Source: The Register]


Cross-site scripting on YouTube

An XSS vulnerability in YouTube's comment processing allows an attacker to execute arbitrary script in the security context of youtube.com.

Go to YouTube, choose any video, and post the following as a comment:

<script>IF_HTML_FUNCTION?<h1><marquee><font color="red"><u>add your comment here<script>
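Note the shape of the payload: the tags are never closed. A filter that looks for well-formed `<script>...</script>` blocks removes nothing from it, while plain output encoding neutralises it regardless of shape. The block below is an added example, not YouTube's code and not a description of the actual YouTube filter; the blocklist regex is a hypothetical weak filter written to make that contrast concrete.

```python
import html
import re

# The comment payload quoted in this post, copied as-is.
PAYLOAD = ('<script>IF_HTML_FUNCTION?<h1><marquee><font color="red"><u>'
           'add your comment here<script>')

# Hypothetical blocklist filter: strips well-formed <script>...</script> blocks.
SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)

def naive_strip(comment: str) -> str:
    """Blocklist approach: remove script blocks, pass everything else through."""
    return SCRIPT_BLOCK.sub("", comment)

def escape_for_html(comment: str) -> str:
    """Output encoding: '<', '>', '&' and quotes become entities, so the browser
    only ever treats the comment as text, never as markup."""
    return html.escape(comment, quote=True)

def render(comment: str) -> str:
    """What the page should emit for one comment."""
    return '<div class="comment">%s</div>' % escape_for_html(comment)

def contains_markup(text: str) -> bool:
    """True if anything in the text could still open or close a tag."""
    return "<" in text or ">" in text

if __name__ == "__main__":
    print("blocklist leaves:", naive_strip(PAYLOAD))
    print("escaped:        ", render(PAYLOAD))
```

The blocklist strips a textbook `<script>alert(1)</script>` but passes the real payload through untouched, unclosed `<script>` and all; the escaped rendering contains no angle brackets other than the wrapper's own, and `html.unescape` shows the comment text itself is preserved. Encoding at the point of output is the fix; tag stripping is a race against the parser's tolerance for malformed markup.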

Update (1): It is better to stay away from YouTube until they fix the vulnerability, or at least to log out of YouTube if you use it.

Update (2): Google has confirmed that the vulnerability has now been fixed:

We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.

You can find the statement here.


Fake YouTube Pages Spreading Malware

Researchers at the eSoft Threat Prevention Team have discovered thousands of fake websites that look like YouTube. Each site shows a video that leads to installing a downloader Trojan with a detection rate of less than 20% on VirusTotal.

The sites closely imitate YouTube, with enough polish to look legitimate and trick victims; the criminals exploit users' trust in the video-hosting site to infect as many machines as possible.

The pages advertise some “hot video”, such as: want to see a revealing video about the Gulf oil spill in Mexico or the NBA Finals?

This lure gets victims to agree to install the malicious application, with a good chance that their antivirus will not even flag the file.

According to the eSoft Threat Prevention Team there are now over 135,000 such sites across the Web, and they can be found through Google search. So do not trust such websites, keep your antivirus definitions up to date, and use web filters to detect and block these threats.


McAfee 2010 First Quarter Threat Report

McAfee has issued its regular quarterly threat report, which points to the major network threats of the first quarter of this year. During this period the biggest threat to computers was USB-borne malware: attackers continue to benefit from the ability to launch applications automatically from external devices (Windows AutoRun).
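The mechanism behind that finding is the `autorun.inf` file on the removable drive, whose launch directives tell Windows what to run when the device is inserted. The following is an added example, not code from McAfee's report: a small parser that pulls the launch directives out of an `autorun.inf` and raises findings for the patterns USB worms of that era relied on (an executable target, a target hidden under a recycle-bin folder). The two sample files are constructed, and the hidden-folder path is a placeholder.

```python
import configparser
import posixpath

# Constructed autorun.inf samples (not files from the McAfee report).
BENIGN_INF = """\
[autorun]
label=Holiday photos
icon=photos.ico
"""

SUSPECT_INF = r"""[AutoRun]
open=RECYCLER\S-1-5-21-example\setup.exe
shellexecute=RECYCLER\S-1-5-21-example\setup.exe
shell\open\command=RECYCLER\S-1-5-21-example\setup.exe
icon=%SystemRoot%\system32\SHELL32.dll,4
action=Open folder to view files
"""

LAUNCH_KEYS = {"open", "shellexecute"}
EXEC_EXTENSIONS = {".exe", ".com", ".bat", ".cmd", ".scr", ".pif", ".vbs", ".js"}
HIDING_DIRS = ("recycler", "$recycle.bin", "system volume information")

def launch_directives(inf_text):
    """Return [(key, command)] for every directive in [autorun] that makes
    AutoRun/AutoPlay start a program: open=, shellexecute=, shell\\...\\command=."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    found = []
    for section in cp.sections():
        if section.lower() != "autorun":
            continue
        for key, value in cp.items(section):
            k = key.lower()
            if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
                found.append((k, value.strip()))
    return found

def assess(inf_text):
    """Findings a removable-media scanner would raise for this autorun.inf."""
    findings = []
    for key, cmd in launch_directives(inf_text):
        target = cmd.split()[0].strip('"') if cmd else ""
        ext = posixpath.splitext(target.replace("\\", "/"))[1].lower()
        if ext in EXEC_EXTENSIONS:
            findings.append("%s launches executable %s" % (key, target))
        if any(h in target.lower() for h in HIDING_DIRS):
            findings.append("%s points into a hidden system folder (%s)" % (key, target))
    return findings

if __name__ == "__main__":
    for name, inf in (("benign", BENIGN_INF), ("suspect", SUSPECT_INF)):
        print(name, assess(inf) or "no findings")
```

The benign file (a label and an icon) produces no findings; the suspect file produces one pair of findings per launch directive. The "Open folder to view files" action string is worth noting: it mimics the text Windows itself shows for a plain storage device, so that the user picks the malicious entry in the AutoPlay dialog. The durable fix is to disable AutoRun for removable media rather than to scan for these strings.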

The report also notes the growth of fake AV products, which expanded their activity in this period. As for spam, about 139 billion spam messages were detected, roughly 89% of all e-mail. 71% of spam was medical, 10% fell into a general category and 2% advertised fake diplomas or degrees. The leading sources of spam were China, South Korea and Vietnam.

McAfee also said that malware and spam in Thailand, Romania, the Philippines, India, Indonesia, Colombia, Chile and Brazil surged as Internet usage grew.

Compared with the last two years the total number of malicious programs for this period decreased; however, McAfee expects that in the next period the number of viruses will remain at last year's level.


Symantec Detects WoW Game as a Malware

A new update for Symantec Antivirus released this weekend detects the popular game World of Warcraft as a malicious application.

Instead of playing, users were forced to post about the issue on the game forum, describing Symantec AntiVirus flagging scan.dll.new as a data-stealing Trojan. A number of posts revealed that the problem remained unsolved.

According to Internet Storm Center specialists, the last months have seen many false positives despite continuous improvement in the algorithms, programs and accuracy of antivirus products, and this is due to the explosive growth in the number of different viruses.

Some reports put the number of new malware samples at about 50,000 per day, which forces malware labs to accelerate their signature updates and sometimes affects the quality of those updates, as in Symantec's case.


Fusion theme by digitalnature | powered by WordPress