Posts Tagged zombies
iPhone Next up for Hackers
Posted by Mourad Ben Lakhoua in News, Vulnerabilities on November 8, 2009
Botnets is becoming the biggest threat and arrived to all system in the globe even mobile devices, I don’t think that there is a person have not been a victim to Botnet, there is many people thinks that the operator is responsible of spamming their customers but this is not true.
Security professionals are always expecting the damage before it happens and try to solve the serious issue; today hackers have changed their landscape to get more benefit from there Cybercrimes.
The first important point to note that modern phones have wireless adapters. This can make them always online and vulnerable to such attack. Here I wanted to list some technical specification to demonstrate the benefits from implementing mobile-phone zombies comparing to classical infected machines:
1. Fast IP-address changing.
2. Low connection speed.
3. Ability to receive commands from the GSM network without the Internet (SMS..).
4. No Antivirus and Antispyware on the device.
5. No traffic control by the owner.
6. Storing personal data in the phone (credit card numbers, PINs, accounts, addresses, and so on.).
7. Calls and sending SMS.
8. Locator on the map GSM or GPS (if your phone has a controller).
9. Recorder (as a listening device).
As you can see here are 9 features that can serve Hackers perfectly to do their job. And by the way the list can be extended.
Now what is the tactic that hackers perform to implement botnets?
Usually they start by scanning the network searching for vulnerable hosts. The computers are identified by IP address but for the iphone it is identified by the IMEI a unique code issued by the manufacture. This code is also used to identify a stolen phone so if you lost your phone the Cellular operator can find it on the network using this ID. However the same IMEI are used for identifying the phone for the Zombies network.
After identifying the phone a Trojan should be executed by an infected website or any other way and this Trojan acts as a back door and opens a port on the local phone for connections. To get the instruction from a remote host and here the phone will act as the attacker desire sending spam for advertisement changing the wallpaper or Listening to the conversations. While there is no AV and no traffic control as a firewall… this phone will remain part of botnet.
Here is the First iPhone worm discovered and reported today by sophos.
The good news here is that this Bot network is not very big but we should be very careful about the iPhone sources and what we install on it (games, applications…).
make sure you subscribe to my RSS feed!
DDoS Attack Target Swedish Police Network
Posted by Mourad Ben Lakhoua in Cybercrime, Web Security on November 2, 2009
According to thelocal news Swedish police website was subject for a DDoS attack last week. The result of this attack was a complete disrupt of the official website.
On the High traffic the server can treat about 800 requests per second but during the attack they detected about 400 thousand requests per second which is 5 times more than the normal high traffic.
The number of DDoS-attack has significantly increased to become one of the biggest threats on Internet, by looking at the history the beginning of DDoS attacks were mainly directed to disrupting IRC servers, but on 1997 there were a vulnerability on Microsoft windows TCP/IP that allowed hackers to send a lot of packets using several tools and dosing remote systems, another popular incident were on 2000 by turning down web service for many popular websites like YAHOO ,CNN, eBay and others, October 2002 Root DNS servers experienced a DDoS attack to make 7 of the 13 main servers out of service. And now we are seeing a lot of distributed denial of service (DDoS) attacks against social networking website like Twitter and Facebook…
Stopping DDoS attack depends on the whole internet community by protecting your machine from malware that could be used to run these attacks, the most popular Botnet’s are:
Conficker 10 million + Machine.
Kraken – 495 Thousand Machine.
Srizbi – 315 Thousands Machine.
Bobax – 185 Thousands Machine.
Rustock – 150 Thousands Machine.
Storm – 85 Tousands Machine.
make sure you subscribe to my RSS feed!
Zombies an Increasing Concern
Posted by Mourad Ben Lakhoua in News on May 14, 2009
Computer zombies are out to get you. That may sound like a tagline from a bad B movie, but there’s truth behind it. A “zombie” in the computer lexicon is a computer that has been taken over by a piece of malicious software planted by a hacker typically for the purpose of secretly sending out unauthorized mass e-mail, or spam. That computer could be yours, and you could be totally in the dark about it.
According to a just-released study by computer security software company McAfee, cyber-criminals are having increasing success in commandeering the computers of others through the Internet in this way. McAfee has a vested interest in sounding the alarm. By doing so, it stands to sell more software. But it’s a company that has been around since 1987 and has a good reputation.
In the U.S., fully 18 percent of personal computers have become zombies, which is nearly a 50 percent increase from the previous quarter, according to McAfee Threats Reports: First Quarter 2009.
From our side we should remember that prevention is the best medicine. Make sure that Windows and your antivirus, firewall and other security software up to date. Those precautions will reduce the chances of getting infected. Secure your stuff and Keep working!
[Source: GovTech]
make sure you subscribe to my RSS feed!
Researcher: Worm infects 1.1M Windows PCs in 24 hours
Posted by Mourad Ben Lakhoua in News on January 15, 2009
It would make ‘one big badass botnet,’ says Finnish security company
The computer worm that exploits a months-old Windows bug has infected more than a million PCs in the past 24 hours, a security company said today.
Early Wednesday, Helsinki, Finland-based security firm F-Secure Corp. estimated that 3.5 million PCs have been compromised by the “Downadup” worm, an increase of more than 1.1 million since Tuesday.
The worm, which several security companies have described as surging dramatically during the past few days, exploits a bug in the Windows Server service used by all supported versions of Microsoft Corp.’s operating system, including Windows 2000, XP, Vista, Server 2003 and Server 2008.
The article is available here
SUBSCRIBE
