Posts Tagged Cybercrime

Zeus baddies unleash nasty new bank Trojan


Hackers have created a new version of the Zeus crimeware toolkit that’s designed to swipe bank login details of Spanish, German, UK and US banks.

The malware payload, described by CA as Zeus version 3, is far more selective in the banks it targets. Previous versions targeted financial institutions around the world while the latest variant comes in two flavours: one that only targets banks in Spain and Germany, and a second that only targets financial institutions in the UK and US.

In addition the latest version of Zeus contains features that make it far harder for security researchers to figure out what the malware is doing. Zombie drones on the Zeus botnet operate on a need to know basis, CA explains.

“In earlier versions, Zeus handles this configuration file in a way that security researchers can easily manage to reverse engineer and capture the actual full configuration content,” writes Zarestel Ferrer, a senior research engineer with CA’s Internet Security Business Unit.

“This is no longer the case for the latest Zeus bot version 3, which is already in the wild.

“It employs layers of protection by applying the principle of least privilege. It means that the bot must only access remote command, information and resources that are necessary to a specific function and purpose.”

Command and control systems associated with the bot are “mostly hosted in Russia”, according to CA. Banks in Spain, UK, USA and Germany were the most targeted institutions in previous versions of the banking Trojan.

The unknown cybercrooks have tightened this focus with the latest version of the cybercrime toolkit, meeting customer demand in a manner akin to legitimate software developers releasing localised versions of tools in key geographical markets.

[Source: The Register]


Asprox is back!

Security researchers warn of a rapid increase in the number of websites infected by the Asprox spam botnet. The Asprox botnet is carrying out attacks using SQL injection, which allowed the botnet to double its presence on the service provider’s access application. In one night the number of compromised resources increased from 5 to 11 thousand.

The botnet usually starts by scanning the network for vulnerable hosts, and when it detects a vulnerable website it attacks the targeted host.

M86 Security is currently monitoring and tracking the new threat. In a blog post, Rodel Mendrez reported that the pattern of Asprox behavior has changed: previously it was used only to send spam, but it is now carrying out massive SQL injection.

As of this writing, there are three fast-flux domains that the bot attempts to contact.

CL63AMGSTART.RU
HYPERVMSYS.RU
ML63AMGSTART.RU

These three servers are the bot’s command and control servers. Analysis of the malware binary shows that it contains SQL statements, as the picture shows:

Decrypting the XML file that the bot receives reveals information about the targeted website, as the screenshot shows:

And finally, a simple search on Google shows that more than 5000 websites are already infected.

As you can see, criminals are always searching for new ways to spread their malware.


DDoS Attack Target Swedish Police Network

According to The Local, the Swedish police website was subjected to a DDoS attack last week. The attack completely disrupted the official website.

Under high traffic the server can handle about 800 requests per second, but during the attack about 400 thousand requests per second were detected, which is 5 times more than the normal high traffic.

The number of DDoS attacks has increased significantly, making them one of the biggest threats on the Internet. Historically, the first DDoS attacks were mainly aimed at disrupting IRC servers. In 1997, a vulnerability in the Microsoft Windows TCP/IP stack allowed hackers to send large numbers of packets using several tools and DoS remote systems. Another well-known incident came in 2000, when web service was taken down for many popular websites such as Yahoo, CNN, eBay and others. In October 2002, the root DNS servers experienced a DDoS attack that put 7 of the 13 main servers out of service. And now we are seeing many distributed denial of service (DDoS) attacks against social networking websites like Twitter and Facebook…

Stopping DDoS attacks depends on the whole Internet community: protect your machine from malware that could be used to run these attacks. The most popular botnets are:

Conficker – 10 million+ machines.
Kraken – 495 thousand machines.
Srizbi – 315 thousand machines.
Bobax – 185 thousand machines.
Rustock – 150 thousand machines.
Storm – 85 thousand machines.


McAfee Announces Major Initiative to Fight Cybercrime

Security software company McAfee yesterday published a Multipoint Strategy to Fight Cybercrime.

The initiative aims to reduce risks to national critical infrastructure. It was launched one year ago with a focus on three key areas: Legal Frameworks and Law Enforcement, Education and Awareness, and Technology and Innovation.

McAfee has emphasized that energy, telecommunication and transport systems are particularly vulnerable to attacks that could cause the economy to stumble.

Here you can read more about McAfee Multipoint Strategy to Fight Cybercrime.

About McAfee Inc.

McAfee, Inc., headquartered in Santa Clara, California, is the world’s largest dedicated security technology company. It delivers proactive and proven solutions and services that secure systems and networks around the world, allowing users to browse and shop the Web securely. With its unmatched security expertise and commitment to innovation, McAfee empowers home users, businesses, the public sector and service providers by enabling them to comply with regulations, protect data, prevent disruptions, identify vulnerabilities and continuously monitor and improve their security. http://www.mcafee.com.


Beware the MJ virus

ALABAMA, BIRMINGHAM – The world’s obsession with superstar Michael Jackson’s sudden death is being exploited by a range of digital crooks who – in at least one instance – are using it to infect computers with a virus that can steal bank-account numbers and passwords.

According to the University of Alabama at Birmingham (UAB) Spam Data Mine, cybercriminals are embedding the data-stealing virus in an e-mail “that claims to link you to a website that will reveal Michael Jackson’s killer”.

If you click on the message, you will open a door to malware that will invade your hard drive, dig up key information and even redirect certain Google searches you perform by inserting links to other virus-infected pages in the top positions of search results, warned Mr Gary Warner, UAB’s director of research in computer forensics.

In another e-attack, an Internet worm is being transmitted via a mass e-mail claiming to contain secret Jackson songs and photos, computer-security firm Sophos reported yesterday.

If you open the attachment, you risk infection. “Once infected, a computer will automatically spread the worm to other Internet users,” Sophos said.

Besides spreading via e-mail, Sophos experts note that the malware is also capable of spreading through an autorun component in USB memory sticks.

Even relatively less virulent e-attacks could land your e-mail address into a spam mailing list that is being compiled for sale.

The first Jackson-related cyber-threat emerged within eight hours of his death.

Sophos has also warned of another e-scam that is not malware, but rather a phoney humanitarian cause seeking money for the “Michael Jackson Organization”. – AGENCIES

[Source: digital.asiaone.com]


'It takes just 1 minute to hack a govt website'

SQL Injection

Ethical hacker Harold D’Costa breaks into a government website and intimates them immediately so they can secure the systems

Guess how long it took ethical hacker Harold D’Costa to hack into the website of the Maharashtra Motor Vehicles Department? Just a minute. D’Costa, who is the director of Intelligent Quotient System, a city-based cyber security firm, demonstrated to MiD DAY how simply and quickly www.mahatranscom.in can be hacked.

According to D’Costa, websites written on SQL platform with open-ended codes can be easily hacked into with an SQL injection. Sitting comfortably in his own office on Wednesday, he first logged into the Maharashtra Motor Vehicles department website with an SQL Injection code. He then showed how several changes can be made to the website and saved it for other visitors to read. For example, one could easily change notices posted on the site or tamper with the rules and regulations for vehicle owners and taxation laws.

[Source: mid-day]


Kuwait, Interpol fight cybercrime

The State of Kuwait is closely coordinating with the Interpol at the level of fighting cybercrime, an official said yesterday. Director of the Security Information Department and official spokesman for the Ministry of the Interior Colonel Mohammad Al-Sabr, revealed that high level coordination was currently underway between the Interpol and Kuwait Interpol to address all Internet crimes.

Al-Sabr told a news briefing that this coordination falls within the framework of guidance of the senior leadership of the Ministry of the Interior and direct instructions of Assistant Undersecretary for Criminal Security Affairs Lieutenant General Ghazi al-Omar and follow-up by the Director-General of the Criminal Investigation Major General Abdul Hamid Al-Awadi and director of cyber crime prevention department Colonel Adel Al-Subaie. He said the Kuwaiti Interpol is involved in campaigns launched by the international Interpol against porn sites in many countries of the world such as Europe and America, including the (Tornado) campaign in the city of Wiesbaden, Germany, against the exploitation of children and minors in sex activities.

[Source: Kuwait Times]


Saudi set to form new unit to fight cybercrime

Saudi Arabia is launching a new crackdown on cybercrimes, including fraud, in the kingdom, it emerged on Sunday.

A specialised department to look into online criminal activity will be formed in all the criminal investigation and criminal evidence departments in the country, it has been announced.

Lt Gen Saeed Al-Qahtani, the director general of Public Security, revealed the plan while attending an investigation department workshop on financial crimes in Riyadh, Saudi Gazette reported.

He said that because web-related crime was posing a threat to public security, authorities needed to act to fight back.

Specialists will be used to fight the criminals online, he said, and the latest equipment would be used to find evidence and prosecute offenders.

[Source: arabianbusiness]


Hackers penetrate US air traffic control systems

According to a report (PDF) by the US Federal Aviation Administration (FAA), in recent years hackers have repeatedly penetrated air traffic control systems via the internet. These incidents have been sufficiently serious that the hackers have been in a position to turn off power to servers.

In early 2009, hackers penetrated a web server, from where they were able to work their way further into FAA systems and were able to gain access to the personal details of 48,000 current and former FAA employees. In other cases, intruders were able to obtain an administrator password and use it to install their own applications on West coast air traffic domain controllers. In 2006, a virus even forced the FAA to shut down a portion of its air traffic control systems in Alaska.

Most intrusions merely caused problems operating local administrative networks; internal connections mean that such attacks could, however, quickly spread to air traffic control systems. This would endanger real time monitoring of airspace, communications and the dissemination of flight information.

[Source: h-online]


Hacked to Pieces

Jolyon Jenkins investigates whether we have lost the war on cybercrime and looks at a new criminal economy which has grown to feed the demand for our most private details.

Jolyon finds that the security details of ordinary members of the public – their bank details, passwords, and secret security questions are being openly traded in cybercrime forums. He hands over his own laptop computer to an ‘ethical hacker’ and finds that it takes two minutes for its password to be cracked. Within a few more minutes, the hacker has installed a key-logging Trojan that secretly passes all his computer activity – passwords, emails and all – back to the hacker’s own computer.

He finds that we are all vulnerable to criminals who trade on our human weaknesses: our magpie-like obsession with gaudiness and trivia, and our willingness to click the OK button without thinking through the consequences.

Ever since the internet became mainstream, we have been hearing warnings about hackers, spammers and other renegades of the online world. The internet security business now threatens to overtake the Chinese army as the largest employer on earth. But what has this army of consultants achieved, apart from spending billions of dollars? Every year the situation gets steadily worse.

[Source: BBC]

