
The latest in internet security

 

Anonymous thrives under faceless guise

Sharing a name and iconography does not mean that all Anonymous members share the same beliefs. That is according to security strategist Joshua Corman, who spoke about the worldwide hacktivist group Anonymous at this week’s ITWeb Protection Summit, held at the Sandton Convention Centre. He pointed out that Anonymous is a leaderless, fragmented group with a composite nature, in which the name ‘Anonymous’ is a brand and archetype that many individual hacktivists have adopted.

Corman said: “There is nothing new here; hacktivism is not new, nor is the phrase Anonymous. Nor is denial of services, defacements and the use of iconography and a decentralised group.” He warned that disorder invites more disorder, and that not all Anonymous members seek to leak information to the public for the “good of society”. He noted that numerous members have malicious intentions and just “want to see the world burn”.

Anonymous has members who are focused on free speech, such as criticising certain legislation, as well as on moral outrage and acting as a legislation watchdog. But Corman pointed out that, on the other side, there are LulzSec, MalSec and malicious intent. “There’s no technology remedy to this, and throwing a lot more security at it is not likely to stop Anonymous. The old-school means of how to disclose and prevent a data breach does not work any longer.”

According to Corman, about 270 people from Anonymous, from 18 countries, have already been arrested. He pointed out that there are active hacktivist cells in Brazil, Spain and Italy, to name a few. “There seems to be a correlation between the unemployment rate in a country and the number of Anonymous members present in that nation,” added Corman. He concluded: “The World Wide Web cannot be managed and any attempt to consider additional fuels rebellion. When you do not have centralised leadership, it doesn’t matter what most do.”

Posted by nofate - May 20, 2012 at 10:26 am

Spam with malicious attachments rising

Although the volume of spam messages is falling, the number of messages containing malicious attachments has increased, which means that spam is becoming more dangerous even as it becomes less prevalent, according to a Bitdefender study. The number of malicious attachments in January of this year rose four per cent from the same period of last year, even as the overall number of spam messages sent dropped by more than 16 per cent in the first quarter of 2012 from the final quarter of 2011, Bitdefender research shows. Of the 264.6 billion spam messages sent daily, 1.14 per cent carry attachments, about 300 million of which are malicious. After increasing in January, the growth of malicious attachments levelled off amid an apparent pause in spam campaigns, although spam continued to fall overall.

Attachments may come in the form of phishing forms that trick users into typing in credit card credentials for scammers to use whenever they want. Or they may pack malware such as Trojans, worms and viruses that may eventually cause trouble for innocent users. As this kind of attachment is becoming a growing concern across the internet, Bitdefender wanted to see exactly which pieces of malware end up in users’ inboxes. Here are the top 5 most interesting and frequent malware samples attached to spam e-mails:

First discovered in 2008, MyDoom, a mass-mailing worm, continues to be among the most persistent pieces of malware to land in users’ inboxes. After the skilfully socially engineered emails persuade the user to open the attachment, the worm sends itself to all e-mail addresses found on that system using a variety of senders, subject lines and body text samples. MyDoom also drops a backdoor component on the host system to grant a remote attacker complete access to the user’s computer. It also updates a list of infected IP addresses on a remote server. In this way, every compromised system is listed in a common database of infected computers accessible to the worm. MyDoom is known to have been used in denial-of-service attacks against the websites of antivirus and software-making companies.

The second most widely spread malicious attachment is a generic JavaScript downloader that comes in the form of obfuscated JS inside an HTML attachment. When the user opens the attached HTML file, the obfuscated JavaScript executes itself and [...]

Posted by nofate - May 19, 2012 at 6:49 pm

Hackers behind Flashback click fraud campaign haven’t been paid

The hackers in charge of the Flashback botnet managed to generate $14,000 from their click fraud campaign, but haven’t been paid, Symantec said today. New analysis of the Flashback botnet and of the traffic between infected Macs and command-and-control (C&C) servers revealed the earnings as well as the lack of payment, Liam O Murchu, manager of operations at Symantec’s security response center, said in an interview today.

O Murchu credited security companies’ efforts for preventing the botnet’s handlers from generating more money through click fraud. “Lots of security companies sinkholed Flashback’s domains, and this caused [the hackers] a lot of problems,” said O Murchu. Starting in early April, antivirus vendors, including Symantec, snatched potential C&C domains before the attackers did, effectively blocking orders from reaching many of the estimated 600,000 infected Macs. The commands fall down a metaphoric “sinkhole” instead.

Part of the Flashback botnet survived those efforts, however. The hackers retained control of at least 10,000 Macs, which they infected with additional code that steals clicks from ads that Google’s search engine displays alongside search results. Altogether, Flashback’s creators were able to use less than 2 percent of the botnet to crank out ghost clicks. Even though the percentage seems small, those Macs displayed more than 10 million ads in a three-week span; 400,000 of those ads were clicked by users. The 400,000 clicks were worth approximately $14,000.

The profit-making strategy, called “click fraud,” redirects large numbers of people to online ads not normally served by the site the user is viewing. The criminals receive kickbacks from the sometimes-legitimate, sometimes-shady intermediaries for each ad clicked. In this case, said O Murchu, it seems the Flashback gang didn’t actually earn a dime. “The traffic we’ve analysed tells us that they hadn’t been paid,” said O Murchu, referring to the hackers’ efforts to get their money. “They haven’t been able to provide the information to the pay-per-click [PPC] affiliate that [was] required to be paid.”

O Murchu declined to identify the PPC affiliate that served 98 percent of the Flashback-generated clicks, but said it appeared the PPC was legitimate and not one of the shadier such firms that essentially pawn off bogus clicks as the real deal. Legitimate PPCs employ anti-fraud controls, including sampling traffic from the source of the clicks, because without that verification they won’t be paid by advertisers, said O Murchu. “Cashing out is [...]

Posted by nofate - May 18, 2012 at 8:22 pm

Android security model doing best to enable mobile malware spread

Mobile malware is real and attackers are using it to steal confidential company information stored on smartphones. But don’t let anyone fool you into believing there is a deep hacker think-tank at work, developing exploits for the most recent mobile device vulnerabilities. Researchers such as Dan Guido have instead painted a clearer picture of the mobile malware landscape, and it is frighteningly simple, and enabled very well for the most part by Google’s Android security model.

Guido, co-founder and CEO of research firm Trail of Bits, on Tuesday presented data at Info Security Selections 2012 that suggests attackers are using a limited number of publicly known exploits to attack mobile phones, specifically the Android platform. And they’re doing so by way of malicious mobile applications that are enjoying success on app stores because of sub-standard vetting processes and code-signing practices. “We found zero malware in the iOS [Apple] App Store and more than 30 on the Google Marketplace on dozens of programs, probably impacting hundreds of thousands of users,” Guido said.

Attackers are keen on gaining privilege escalation on a mobile device in order to exfiltrate data to a server they control. Working on some simple economics, the cost of an attack has to be less than the potential revenue an attacker stands to gain. Factors figuring into the cost of an attack for a hacker include the ease with which a device can be compromised and the probability of getting caught, as well as the value of the targeted data and whether it can be monetized. The best defense, Guido said, is to increase the cost for attackers to exploit devices.

Apple, he said, has put in significant roadblocks to stop code execution. It signs all code submitted to its App Store, and applications are given a unique ID and directory. Also, its Seatbelt sandbox restricts applications from accessing data from other applications, reducing the attack surface for the iOS kernel, Guido said. Android’s security features lower costs for attackers, Guido said. Rather than code signing, Android employs No-eXecute, or the NX bit, which limits the places in the operating system where code is allowed to execute. Guido said this is much less effective than the code signing Apple relies upon. Apple also patches vulnerabilities that lead to jailbreaks much faster than Google does for Android, which [...]

Posted by nofate - May 17, 2012 at 6:10 pm

LulzSec member pleads not guilty to charges he hacked Stratfor website

A former LulzSec member has pleaded not guilty to federal charges that he hacked into the servers of global intelligence company Stratfor and stole credit card data and personal details of 860,000 of its clients. Jeremy Hammond entered the plea on Monday during a brief hearing in US District Court in Manhattan, the Associated Press reported. He has been held in federal custody since an initial court appearance in Chicago in early March, when federal prosecutors named him as a lieutenant of LulzSec ringleader Hector Xavier “Sabu” Monsegur. There was no request for Hammond to be released on bail during Monday’s hearing, according to the AP report.

In an indictment filed in May, federal authorities said Hammond stole information for about 60,000 credit cards from Stratfor servers, as well as e-mail and other information for about 860,000 of the service’s clients. Hammond, who allegedly used online handles including “sup-g” and “Anarchaos,” was also accused of penetrating servers belonging to the Arizona Division of Public Safety and stealing law enforcement documents. He faces charges of conspiracy to commit computer hacking and related offenses associated with the attacks.

Although LulzSec members took great pains to distance themselves from their real-world identities, Hammond was in part identified by statements he made in online chats. In one, he revealed that a friend had been arrested during protests last August in St. Louis. In another, he said he had been arrested in New York City during the Republican National Convention in 2004. He also mentioned serving time in federal prison. FBI investigators used the details to narrow the list of suspects. Hammond’s next court appearance is scheduled for July 23, the AP said.

Posted by nofate - May 16, 2012 at 8:17 am

Bitcoin bank Bitcoinica still down after cyberheist

Bitcoin exchange Bitcoinica remains offline following a hack against its systems last week that resulted in the theft of digital currency valued at around $90,000 (£56k). The digital currency exchange took its servers offline on Friday, following the discovery of a breach that day, as a statement on Bitcoinica’s website explains:

“It is with much regret that we write to inform our customers of the recent security breach at Bitcoinica. At around 1:00pm GMT, our live production servers were compromised by an attacker and they used this access to deplete our online wallet of 18547 BTC.”

Follow-up reports on the Bitcointrader blog suggest that surfers visiting Bitcoinica were redirected to a porn website at the time of the hack, an odd tactic as cyber-theft would appear to have been the only motive for the attack, and since the tactic drew attention to a deeper breach that might otherwise have gone undetected for longer. The redirection has been stopped by the bitcoin exchange, but Bitcoinica’s services may not return to normal for a while, a follow-up Bitcointrader post suggests.

Bitcoinica said it was suspending its operations for an unspecified period while it runs an investigation into the breach, the second it has suffered in recent months. The exchange is keen to stress that the thief stole from the exchange itself rather than from accounts maintained by customers, stressing that all withdrawal requests will be honoured. However, Bitcoinica said that its database was “likely compromised”, and that customers’ usernames, email addresses and account histories could be at risk. Such data could provide fodder for future phishing attacks. Passwords and identifying documents were kept in encrypted files and ought to be secure. Even so, the exchange still advises customers who have used their Bitcoinica password elsewhere on the net to change their passwords as a precaution.

The latest attack follows a hack against Bitcoinica’s hosting firm that led to the theft of $225,000 (£149,200) worth of Bitcoins only two months ago. Earlier reports suggested $70K (£43k) had been swiped following a cyberheist against web host Linode, but these figures were later revised upwards. The Bitcoin virtual currency also hit the news last week with the leak of an (unclassified) FBI internal report on the digital currency. The leaked memo (PDF) argues that the digital currency is likely to become a [...]

Posted by nofate - May 16, 2012 at 7:48 am

Hackers break into bitcoin exchange, steal $90,000 in bitcoins

Bitcoin exchange website Bitcoinica suspended its operations on Friday after hackers managed to steal 18,547 bitcoins, valued at about $90,000, from its online wallet. The user database was possibly compromised as well, Bitcoinica’s administrators said in an announcement posted on the site’s home page. The information stored in the database included usernames, email addresses and account histories. Account passwords were encrypted in a way that makes it extremely unlikely for them to be cracked, the Bitcoinica team said. However, to be on the safe side, the team advised users to change their passwords on other websites where they may have used them.

The compromised user information can be used to launch phishing attacks, as has happened in the past after numerous data breaches that exposed user email addresses. Users should be suspicious of any messages received at the e-mail addresses registered with Bitcoinica, the site’s administrators said. “It is always a best practice to never click an email link to login to any online service.”

Bitcoin is a cash-like digital currency that can be exchanged directly by users without the need for any central payment service. It uses a peer-to-peer model for synchronizing transaction records among users. Bitcoinica noted that the stolen bitcoins belonged to the exchange, not the users, and said it will honor any withdrawal request. However, it’s not clear when or if the site will resume operations.

“It’s more serious than we believed,” said Bitcoinica founder Zhou Tong, in a post on the Bitcointalk forum on Saturday. “Likely we’ll either shut down the platform or re-develop totally (which will take months as opposed to days).” The company needs more time to come up with a plan to compensate users for the downtime and other problems resulting from this security incident, Zhou said.

In a separate post on Sunday, Zhou revealed that he sold Bitcoinica to an undisclosed investor back in November 2011 and stayed with the company as an employee in charge of daily operations until a new team took over two weeks ago. He also announced that he plans to retire from all bitcoin-related projects after this incident is resolved. Security breaches at bitcoin exchanges don’t only affect the customers of those exchanges, but the entire bitcoin community, because they negatively affect the value of the virtual currency. In June 2011, [...]

Posted by nofate - May 15, 2012 at 11:00 am

DHS Urges Users to Check for DNSChanger Malware, Time Is Running Out

Because of the massive DNSChanger malware infection, a large number of users might lose their Internet access on July 9. That is why the Department of Homeland Security (DHS) issued an advisory, urging people to make sure that by then their computers are malware-free. Initially, four million computers, spread across a hundred countries, were affected by the malicious element. Ever since the incident, security solutions providers, ISPs and state agencies have been working together, trying to clean up the mess. They have even set up temporary DNS servers to give internauts more time to address the problem. However, time is running out and, according to the experts, people who rely on the clean servers could find that they are unable to access the internet if they do not rush to get rid of the threat.

“As of April 10, there were still more than 84,000 infected computers in the United States, and it’s possible that many users might not even know they have been infected,” Rand Beers, the Under Secretary for the National Protection and Programs Directorate (NPPD), wrote in a blog post. “Please act now. The clean servers maintained by the private sector in coordination with the FBI will expire on July 9, 2012. Internet users who have the DNSChanger malware and whose Internet Service Provider (ISP) has moved them to one of the clean servers, could not have access to the Internet after this date,” he warned.

Beers recommends that users check their computers for signs of the malware by using the options provided on the DNSChanger Working Group (DCWG) site. They offer resources to help victims detect and remove the Trojan, together with advice on how devices can be protected against it. The figures on the DCWG site show that, despite efforts, there are currently still more than 350,000 victims of DNSChanger. Keep in mind, if by July 9 you aren’t Trojan-free, there is a big chance that you’ll be blocked from accessing the net.

Posted by nofate - May 14, 2012 at 6:59 pm

Verizon Refuses to Identify Alleged BitTorrent Pirates

In its lawsuits against numerous alleged BitTorrent users, book publisher John Wiley and Sons has met unexpected resistance from Internet provider Verizon. For a number of reasons, including privacy concerns, the ISP is refusing to comply with a subpoena which orders the company to hand over the personal details of subscribers who are accused of pirating “For Dummies” books.

Last fall, John Wiley and Sons became the first book publisher to go after BitTorrent users in the US. By filing a mass-BitTorrent lawsuit the company became one of the many copyright holders who together have sued a quarter million people in the country since early 2010. In recent months, Wiley has continued to file yet more suits against alleged BitTorrent pirates.

Up until recently Wiley has enjoyed an easy ride in court. In several cases the New York federal court was quick to allow the book publisher to subpoena Internet providers for the personal details of account holders. With these details, Wiley can then approach the defendants and negotiate an out-of-court settlement. But not if it is up to Verizon. Although most Internet providers generally don’t object to a court-ordered subpoena, Verizon has refused to hand over the personal details of accused subscribers.

One of the reasons given by Verizon is that Wiley is demanding the information for improper purposes, namely “to harass, cause unnecessary delay, or needlessly boost the expense of litigation.” In addition, the Internet provider doubts whether the subpoena will lead to the discovery of “relevant data.” In other words, Verizon appears to doubt that the person who pays for the account is also the infringer. This issue was also raised by New York Judge Gary Brown in another case last week, in which he concluded that an IP-address is not a person. In his order Brown argued that in mass-BitTorrent lawsuits it is simply unknown whether the person linked to the IP-address has anything to do with the alleged copyright infringements.

In addition to the two points above, Verizon makes five more objections, including concerns over privacy. The company asserts that Wiley is seeking “information which is protected from disclosure by third parties’ rights of privacy and protections assured by the First Amendment.” For its part, Wiley isn’t convinced by Verizon’s protest and has asked the court to compel Verizon to react [...]

Posted by nofate - May 13, 2012 at 7:05 am

Amnesty International UK site flung Gh0st RAT at surfers after hack

Amnesty International UK’s website was hacked early this week in an attack ultimately aimed at planting malware onto the PCs of visiting surfers. Malicious Java code was planted on the website in a bid to push the Gh0st RAT Trojan onto vulnerable Windows machines. If successful, the attack plants malware onto machines that is capable of extracting the user’s files, email, passwords and other sensitive personal information. The attack, which ran between 7 and 9 May, was detected by web security firm Websense, which informed Amnesty about the threat. The human rights organisation has since cleaned up its website.

Amnesty International is no stranger to this kind of attack. Its UK site was hit by a similar drive-by-download-style attack back in 2009, and a similar attack was launched against its Hong Kong website a year later. Websense has a write-up of the latest attack in a blog post.

The Gh0st Trojan has been used by suspected Chinese hackers in a number of advanced persistent threat (APT) style attacks, most notably the ‘Nitro’ attacks against energy firms in 2011. Chinese involvement in the Amnesty International attack is suspected but unproven.

“Yesterday [Wednesday] Amnesty.org.uk was afflicted with a piece of malicious code. When we became aware of the infection we worked with our web hosting company to isolate it and remove it as a matter of urgency. The situation was solved by yesterday lunchtime,” the organisation told El Reg in a statement. “Security is very important to us and as well as extensive security measures in place to prevent exploits such as this, we also have constant monitoring in place to alert us immediately when incidents like this occur. All our users’ profiles are held on a completely separate website and server and were in no way compromised by this incident.”

Posted by nofate - May 12, 2012 at 1:22 pm