Smart Malware Injects Spam Into Messages
Security experts are warning of a Trojan horse that can automatically attach spam to emails, instant messages and bulletin board postings.
Symantec researcher Eric Chien said that the malware uses a Windows layered service provider component to watch network traffic and alter outgoing messages and posts.
"Message board spam is nothing new," Chien explained on the company's security response blog. "But what is different about this message board spam is that the spam text is integrated into legitimate messages posted by real users. "
The attack begins when a user follows a link posted on a spam message or posting promising a 'funny video'. The user is then tricked into downloading an executable that installs the Trojan, formally known as Trojan.Mespam.
The malware will attach the spam greeting to message board postings as well as instant messages sent from AIM, Yahoo Messenger, GTalk and ICQ.
Chien said that emails sent from most popular webmail services, including Google Mail, Hotmail and Yahoo Mail, will also be injected with spam code.
The researcher recommends users to avoid clicking on unrelated links in forum postings, emails and instant messages, and to avoid executing any unsolicited files from a suspicious source.
mercredi 28 février 2007
SEC Sues Company For Using Hacked Information In Trades
SEC Sues Company For Using Hacked Information In Trades: "The Securities and Exchange Commission is suing a Hong Kong company for allegedly making more than $2.7 million from illegal trades they made by reading corporate press releases before they were made public. The SEC filed a civil action on Monday against Blue Bottle, Ltd., a company chartered in Hong Kong but supposedly with offices in London, along with its owner and chief executive officer Matthew Charles Stokes. According to the SEC?s complaint summary, Blue Bottle had inside information before it made trades by hacking into unidentified computer systems just before at least 12 companies were to make important press releases public."
mardi 27 février 2007
Trojan forced PCs to take part in climate research project
Trojan forced PCs to take part in climate research project: "These days, if a Windows PC is infected with a trojan, it is quite likely that it will be used as a bot in a spam army to distribute advertising e-mails. But in some rare cases, the computer may suddenly find itself having to perform calculations of weather forecasts in a cluster. A moderator of the distributed computing project climateprediction.net has reported just such a case. The infection was discovered by chance when the Italian owner of a hijacked computer began to wonder why his laptop?s battery wasn?t lasting longer and found the boinc.exe process in his Task Manager."
Windows based ATM machine hacked, gets Painted
Windows based ATM machine hacked, gets Painted: "Although we wouldn?t expect to find the latest release of Photoshop on your neighborhood ATM, it?s not so far fetched to think that Paint would be left on a Windows-based ATM. We?ve seen a recent boost in cash machine hacking of late, and while this latest attempt doesn?t siphon illegal coinage out of the slot, it does make for quite a laugh."
German cops and spooks prep own spyware
German cops and spooks prep own spyware: "Federal Trojan for 'online searches'
Analysis Germany's police and secret services are pushing for a legal basis for "online house searches" – carried out without the knowledge of suspects, using spyware similar to a Trojan.
The German public learned of the practice in November last year, when a magistrate of the Bundesgerichtshof (Federal High Court) ruled that there is no legal basis for such measures as part of police inquiries.
Magistrate Ulrich Hebenstreit argued that house searches could only be carried out openly, with the knowledge of the suspect. In his view, and legal parlance, secretly searching a hard drive, whether in private or for commercial use, constituted "a major interference with the right to informational self-determination".
Moreover, because all data can be viewed and analysed by the authorities – from private photos to email correspondence – the suspect's right to refuse to give evidence was violated by the measure.
Hebenstreit's decision received mixed response.
While the Home Office stressed that it immediately stopped online searches, spokesman Christian Sachs says: "One organisational unit at the Bundeskriminalamt (Federal Criminal Office) is currently working on the technological basis for such online house searches. For obvious reasons, we cannot comment on the technicalities."
Minister of the Interior Wolfgang Schäuble intends to introduce a law to legalise the practice.
In fact, the measure, and online security in general, plays a major role in his imminent "programme for the strengthening of public security".
"The internet of today is a training camp, and an open university for terrorists," Schäuble says.
Bundeskriminalamt (BKA) president Jörg Ziercke believes the "Federal Trojan" (as the project has been dubbed by the public) is necessary because confiscating physical hard drives is almost useless. "They store their data on the internet and encrypt the hard drive. That is why we have to have access at the point of dissemination."
He said 99.9 per cent of German internet users will "have nothing to with this".
How often German law enforcers have tried to infect the PCs of suspects with Trojans is unclear. While the BKA talks about "only a few cases", Minister of Justice Brigitte Zypries, of the Social Democrats, knows of "four requests for online house searches so far".
However, the government, in an answer (PDF in German) to a written parliamentary question, says so far there have been no online house searches at all, because one request was rejected by the responsible judge, while another attempt failed because of "technical difficulties".
Influential German hacker organisation The Chaos Computer Club published a statement pointing to the possible consequences of successful infection with a Federal Trojan.
"The whole PC could be telecommanded, the webcam turned on, and the room surveilled acoustically, email and chat conversion could be followed."
However, the hackers are skeptical about the real danger posed by the spyware, and dryly recommend that "a well managed firewall and anti-virus software should take care of governmental or private spyware".
Mr Padeluun, a spokesperson of the data protection association FOEBUD, says the whole debate is nothing but a "smoke screen".
"As long as we are talking about Trojans, the danger is quite small. Another question, however, is if security agencies might soon be allowed to bug a computer with small hardware, which is far more difficult to detect."
Analysis Germany's police and secret services are pushing for a legal basis for "online house searches" – carried out without the knowledge of suspects, using spyware similar to a Trojan.
The German public learned of the practice in November last year, when a magistrate of the Bundesgerichtshof (Federal High Court) ruled that there is no legal basis for such measures as part of police inquiries.
Magistrate Ulrich Hebenstreit argued that house searches could only be carried out openly, with the knowledge of the suspect. In his view, and legal parlance, secretly searching a hard drive, whether in private or for commercial use, constituted "a major interference with the right to informational self-determination".
Moreover, because all data can be viewed and analysed by the authorities – from private photos to email correspondence – the suspect's right to refuse to give evidence was violated by the measure.
Hebenstreit's decision received mixed response.
While the Home Office stressed that it immediately stopped online searches, spokesman Christian Sachs says: "One organisational unit at the Bundeskriminalamt (Federal Criminal Office) is currently working on the technological basis for such online house searches. For obvious reasons, we cannot comment on the technicalities."
Minister of the Interior Wolfgang Schäuble intends to introduce a law to legalise the practice.
In fact, the measure, and online security in general, plays a major role in his imminent "programme for the strengthening of public security".
"The internet of today is a training camp, and an open university for terrorists," Schäuble says.
Bundeskriminalamt (BKA) president Jörg Ziercke believes the "Federal Trojan" (as the project has been dubbed by the public) is necessary because confiscating physical hard drives is almost useless. "They store their data on the internet and encrypt the hard drive. That is why we have to have access at the point of dissemination."
He said 99.9 per cent of German internet users will "have nothing to with this".
How often German law enforcers have tried to infect the PCs of suspects with Trojans is unclear. While the BKA talks about "only a few cases", Minister of Justice Brigitte Zypries, of the Social Democrats, knows of "four requests for online house searches so far".
However, the government, in an answer (PDF in German) to a written parliamentary question, says so far there have been no online house searches at all, because one request was rejected by the responsible judge, while another attempt failed because of "technical difficulties".
Influential German hacker organisation The Chaos Computer Club published a statement pointing to the possible consequences of successful infection with a Federal Trojan.
"The whole PC could be telecommanded, the webcam turned on, and the room surveilled acoustically, email and chat conversion could be followed."
However, the hackers are skeptical about the real danger posed by the spyware, and dryly recommend that "a well managed firewall and anti-virus software should take care of governmental or private spyware".
Mr Padeluun, a spokesperson of the data protection association FOEBUD, says the whole debate is nothing but a "smoke screen".
"As long as we are talking about Trojans, the danger is quite small. Another question, however, is if security agencies might soon be allowed to bug a computer with small hardware, which is far more difficult to detect."
Argentine: la distribution d'essence nationale paralysée par un pirate
Argentine: la distribution d'essence nationale paralysée par un pirate
L'Argentine vient de subir une attaque informatique sans précédent: la semaine dernière, un pirate informatique a réussi à pénétrer le système d'information du secrétariat à l'Energie argentin, via son site internet. Il a pu dès lors effectuer un certain nombre de modifications, la première visant à perturber l'approvisionnement en combustible d'un millier de stations services dans le pays (qui en compte plus de 4.000, Ndlr). Pour ce faire, il a effacé ces stations du registre établi par les autorités pour l'organisation et le contrôle de la livraison en carburants. C'est justement l'une d'entre elles qui a donné l'alerte ce week-end. Les stations concernées, non livrées, ont du anticiper et réduire en conséquence leur capacité de distribution.
Le pirate a également bloqué les livraisons vers les centres d'approvisionnement privés des entreprises, notamment ceux des compagnies d'autobus. Cette fois, il a modifié les données collectées et enregistrées dans le système d'information ministériel sur ces entreprises, en les déclarant non conformes à la réglementation nationale.
Une fois l'alerte donnée et l'étendue des dégâts constatée au plus haut niveau, le gouvernement et la filière carburant argentine se sont réunis en urgence samedi en fin de journée, pour tenter de rétablir la distribution dans le pays. Un système d'échange d'informations plus classique, par fax, a seul permis de réinjecter les bonnes informations, au cas par cas. L'enquête qui suivra va sans doute viser à déterminer à qui profite le crime, dans une attaque aussi ciblée et méthodique, touchant au processus informatique même de cette filière économique.
L'Argentine vient de subir une attaque informatique sans précédent: la semaine dernière, un pirate informatique a réussi à pénétrer le système d'information du secrétariat à l'Energie argentin, via son site internet. Il a pu dès lors effectuer un certain nombre de modifications, la première visant à perturber l'approvisionnement en combustible d'un millier de stations services dans le pays (qui en compte plus de 4.000, Ndlr). Pour ce faire, il a effacé ces stations du registre établi par les autorités pour l'organisation et le contrôle de la livraison en carburants. C'est justement l'une d'entre elles qui a donné l'alerte ce week-end. Les stations concernées, non livrées, ont du anticiper et réduire en conséquence leur capacité de distribution.
Le pirate a également bloqué les livraisons vers les centres d'approvisionnement privés des entreprises, notamment ceux des compagnies d'autobus. Cette fois, il a modifié les données collectées et enregistrées dans le système d'information ministériel sur ces entreprises, en les déclarant non conformes à la réglementation nationale.
Une fois l'alerte donnée et l'étendue des dégâts constatée au plus haut niveau, le gouvernement et la filière carburant argentine se sont réunis en urgence samedi en fin de journée, pour tenter de rétablir la distribution dans le pays. Un système d'échange d'informations plus classique, par fax, a seul permis de réinjecter les bonnes informations, au cas par cas. L'enquête qui suivra va sans doute viser à déterminer à qui profite le crime, dans une attaque aussi ciblée et méthodique, touchant au processus informatique même de cette filière économique.
L'ICANN menace de suspendre le contrat d'un registrar
L'ICANN menace de suspendre le contrat d'un registrar
Devant la grogne montante de clients lésés par un registrar américain, le régulateur du nommage sur Internet a décidé d'agir.
Dans une récente chronique, nous nous étonnions de l'apparente impuissance du médiateur officiel de l'ICANN face à un registrar américain en apparence peu scrupuleux. Registerfly donne en effet beaucoup de soucis à ses clients, souvent dans l'incapacité de renouveler ou de transférer un nom ou même de savoir pourquoi leur carte de crédit a été débitée.
Nous n'avons pas été les seuls à afficher une certaine surprise face à l'inaction de l'ICANN et de son "ombudsman" Frank Fowlie. L'affaire a même commencé à prendre de l'importance outre Atlantique avec la publication de plusieurs articles de presse assez critiques.
Cette pression médiatique a semble-t-il poussée l'ICANN à agir. Et c'est par le biais du blog de son ombudsman que le régulateur a annoncé un changement de ton vis-à-vis de Registerfly. L'un des vice-présidents de l'ICANN y a en effet posté une lettre officielle envoyée à la direction du registrar récalcitrant. Ce dernier a 15 jours pour remédier à la situation, sans quoi il pourrait perdre son accréditation officielle lui permettant de vendre des noms de domaine sous l'égide de l'ICANN.
Devant la grogne montante de clients lésés par un registrar américain, le régulateur du nommage sur Internet a décidé d'agir.
Dans une récente chronique, nous nous étonnions de l'apparente impuissance du médiateur officiel de l'ICANN face à un registrar américain en apparence peu scrupuleux. Registerfly donne en effet beaucoup de soucis à ses clients, souvent dans l'incapacité de renouveler ou de transférer un nom ou même de savoir pourquoi leur carte de crédit a été débitée.
Nous n'avons pas été les seuls à afficher une certaine surprise face à l'inaction de l'ICANN et de son "ombudsman" Frank Fowlie. L'affaire a même commencé à prendre de l'importance outre Atlantique avec la publication de plusieurs articles de presse assez critiques.
Cette pression médiatique a semble-t-il poussée l'ICANN à agir. Et c'est par le biais du blog de son ombudsman que le régulateur a annoncé un changement de ton vis-à-vis de Registerfly. L'un des vice-présidents de l'ICANN y a en effet posté une lettre officielle envoyée à la direction du registrar récalcitrant. Ce dernier a 15 jours pour remédier à la situation, sans quoi il pourrait perdre son accréditation officielle lui permettant de vendre des noms de domaine sous l'égide de l'ICANN.
vendredi 23 février 2007
Phishers find India - Indians are keenly competitive with the Chinese
Phishers find India - Indians are keenly competitive with the Chinese: "As readers of this blog can attest, lots of Indians are keenly competitive with the Chinese. But there's one industry where Indians have been happy to lag behind China : Internet fraud. For years, China has been a top source of spam and phishing sites, afflicting not just Chinese but Net users worldwide."
jeudi 22 février 2007
Region appears in cybercrime
Region appears in cybercrime: "Cyber criminals are stepping up their focus on the Middle East, as more people go online, experts warned this week.
The alert follows the busting..."
The alert follows the busting..."
The Great eBay Conspiracy Theory
The Great eBay Conspiracy Theory: "The Register presents a conspiracy theory involving allegedly hacked eBay accounts while an eBay spokesman says all indications suggest that the accounts were compromised through simple phishing techniques"
The Metamorphosis of spam
http://www.castlecops.com/article-6747-nested-0-0.html
Tim_aka_Red_Barren writes "I would like to talk to you about one of my favorite subjects -- spam. More and more spam is making it into inboxes around the world. Some estimate that as much as 90% of all e-mail is spam. However, the nature of spam has changed in the past year or so. Before that, spam was primarily sent to sell you something, be it prescription drugs, body enhancement drugs, or fake watches. Now more and more of it will attempt to download malicious programs that will record your keystrokes and steal your personal information, or turn your computer into a zombie that will send out more spam, or both.
When I was a moderator for Blue Security, we underwent a Distributed Denial of Service (DDoS) attack from zombie computers under control of a Russian speaking spammer. This spammer (or spam gang), which we called PharmaMaster, claimed to make three million dollars a month off of spam. Unwilling to give up that income, he paid a hacker $2,000 an hour to perform the DDoS against us. It cost him over a million dollars by the time all was said and done, but it exhausted the funding of Blue Security and they were forced to close shop.
He saw the potential profit in paying hackers to write malicious software for him. Hackers used to write their evil software just for fame, but now they were being offered money to have criminal creations made to order. To shield himself from prosecution, this spammer would collect personal information, then lease the information to other criminals in return for part of the money they stole. Unfortunately for him, some of those that leased the information are less than bright, and after stealing about $300,000 from Turkish banks accounts, they got caught.
They told Interpol who the Russian(s) are. With the FTC promising greater international cooperation, I can only hope that these internet terrorists will be brought to justice. "
Tim_aka_Red_Barren writes "I would like to talk to you about one of my favorite subjects -- spam. More and more spam is making it into inboxes around the world. Some estimate that as much as 90% of all e-mail is spam. However, the nature of spam has changed in the past year or so. Before that, spam was primarily sent to sell you something, be it prescription drugs, body enhancement drugs, or fake watches. Now more and more of it will attempt to download malicious programs that will record your keystrokes and steal your personal information, or turn your computer into a zombie that will send out more spam, or both.
When I was a moderator for Blue Security, we underwent a Distributed Denial of Service (DDoS) attack from zombie computers under control of a Russian speaking spammer. This spammer (or spam gang), which we called PharmaMaster, claimed to make three million dollars a month off of spam. Unwilling to give up that income, he paid a hacker $2,000 an hour to perform the DDoS against us. It cost him over a million dollars by the time all was said and done, but it exhausted the funding of Blue Security and they were forced to close shop.
He saw the potential profit in paying hackers to write malicious software for him. Hackers used to write their evil software just for fame, but now they were being offered money to have criminal creations made to order. To shield himself from prosecution, this spammer would collect personal information, then lease the information to other criminals in return for part of the money they stole. Unfortunately for him, some of those that leased the information are less than bright, and after stealing about $300,000 from Turkish banks accounts, they got caught.
They told Interpol who the Russian(s) are. With the FTC promising greater international cooperation, I can only hope that these internet terrorists will be brought to justice. "
Phishing, Fraud and Dastardly Deeds :: South Korea a safe haven for hackers, crackers and scammers.
Phishing, Fraud and Dastardly Deeds :: South Korea a safe haven for hackers, crackers and scammers.: "Author: antiphishing
Subject: South Korea a safe haven for hackers, crackers and scammers.
Posted: Wed Feb 21, 2007 6:55 pm (GMT 0)
Korea Becomes Haven for Hackers
By Kim Tae-gyu
Staff Reporter
The dominance of the Windows operating system coupled with a lack of interest in cyber security and state-of-the-art Internet infrastructure has made Korea a haven for hackers.
They failed to disrupt the resilient Internet, which is safeguarded unless all 13 root servers and many more back-up servers are overwhelmed
for about a week at the same time.
http://times.hankooki.com/lpage/tech/200702/kt2007021916025512350.htm
(text only)
http://www.infosecnews.org/pipermail/isn/2007-February/014343.html
_________________
Boycott Microsoft, use Linux RedHat Fedora and Mozilla Firefox
Specializing in 'takes downs' of phishing and advance fee scams.
Send you phishing scams to: phish@antihotmail.com
http://www.dslreports.com/profile/1021645"
Subject: South Korea a safe haven for hackers, crackers and scammers.
Posted: Wed Feb 21, 2007 6:55 pm (GMT 0)
Korea Becomes Haven for Hackers
By Kim Tae-gyu
Staff Reporter
The dominance of the Windows operating system coupled with a lack of interest in cyber security and state-of-the-art Internet infrastructure has made Korea a haven for hackers.
They failed to disrupt the resilient Internet, which is safeguarded unless all 13 root servers and many more back-up servers are overwhelmed
for about a week at the same time.
http://times.hankooki.com/lpage/tech/200702/kt2007021916025512350.htm
(text only)
http://www.infosecnews.org/pipermail/isn/2007-February/014343.html
_________________
Boycott Microsoft, use Linux RedHat Fedora and Mozilla Firefox
Specializing in 'takes downs' of phishing and advance fee scams.
Send you phishing scams to: phish@antihotmail.com
http://www.dslreports.com/profile/1021645"
mercredi 21 février 2007
How many bots? How many botnets?
http://blogs.securiteam.com/index.php/archives/828
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well –
I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up.
We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: “why be able to destroy the world a thousand times over if once is more than enough?” we often also changed it to say “3 times” as redudancy could be important. :>
Today, it is clear the bad guys can get their hands on as many bots as they need, or in a more scary scenario, want. They don’t need that many.
As a prime example, I believe that VeriSign made it public that only 200 bots were used in the DNS amplification attacks against them last year. Even if they missed one, two or even three zeroes, it speaks quite a bit as to our fragile infrastructure.
If brute force alone can acheive this, what of application attacks, perhaps even 0days?
Still, we keep surviving and we will still be here next year, too, with bigger and bigger trucks and tubes to hold the Internet together, whether for regular or malicious usage. eCommerce and online banking might not survive in a few years if people such as us here don’t keep doing what we do, but that part of it is off topic to NANOG.
10 years ago, almost no one knew what botnets were. Counting and measuring seemed to be very important 3 years ago, and to governments and academics, even a year ago. Today it is just what funding for botnet research is based on ( ), still, I don’t really see the relevance. Botnets are a serious issue, but they are only a sympthom of the problem called the Internet.
Sitting on different networks and testing them for how many malicious scans happen every second/minute/hour/day and then checking that against how many machines with trivially exploited vulnerabilities exist on these networks can fill in some of the puzzle, but the delta from what we may see if we consider email attachments and malicious web sites…
The factor may be quite big.
We will never be able to count how many bots exist. We can count limited parts of that pool such as those seen in spam. These are several millions every day (which should be scary enough) but not quite the right number.
And this is before we get into the academic off-topic discussion of what a bot actually is, which after almost 11 years of dealing with these I find difficult to define. Is it an IP address? A computer? Perhaps an instance of a bot sample (and every machine could have even hundreds).
Welcome to the realm of Internet security operations and the different groups and folks involved (and now industry). It is about Internet security rather than this or that network security or this and that sample detection.
Gadi Evron,
ge@linuxbox.org.
We touched on this subject in the past, but recently Rich Kulawiek wrote a very interesting email to NANOG to which I replied, and decided to share my answer here as well –
I stopped really counting bots a while back. I insisted, along with many friends, that counting botnets was what matters. When we reached thousands we gave that up.
We often quoted anti-nuclear weapons proliferation sentiments from the Cold War, such as: “why be able to destroy the world a thousand times over if once is more than enough?” we often also changed it to say “3 times” as redudancy could be important. :>
Today, it is clear the bad guys can get their hands on as many bots as they need, or in a more scary scenario, want. They don’t need that many.
As a prime example, I believe that VeriSign made it public that only 200 bots were used in the DNS amplification attacks against them last year. Even if they missed one, two or even three zeroes, it speaks quite a bit as to our fragile infrastructure.
If brute force alone can acheive this, what of application attacks, perhaps even 0days?
Still, we keep surviving and we will still be here next year, too, with bigger and bigger trucks and tubes to hold the Internet together, whether for regular or malicious usage. eCommerce and online banking might not survive in a few years if people such as us here don’t keep doing what we do, but that part of it is off topic to NANOG.
10 years ago, almost no one knew what botnets were. Counting and measuring seemed to be very important 3 years ago, and to governments and academics, even a year ago. Today it is just what funding for botnet research is based on ( ), still, I don’t really see the relevance. Botnets are a serious issue, but they are only a sympthom of the problem called the Internet.
Sitting on different networks and testing them for how many malicious scans happen every second/minute/hour/day and then checking that against how many machines with trivially exploited vulnerabilities exist on these networks can fill in some of the puzzle, but the delta from what we may see if we consider email attachments and malicious web sites…
The factor may be quite big.
We will never be able to count how many bots exist. We can count limited parts of that pool such as those seen in spam. These are several millions every day (which should be scary enough) but not quite the right number.
And this is before we get into the academic off-topic discussion of what a bot actually is, which after almost 11 years of dealing with these I find difficult to define. Is it an IP address? A computer? Perhaps an instance of a bot sample (and every machine could have even hundreds).
Welcome to the realm of Internet security operations and the different groups and folks involved (and now industry). It is about Internet security rather than this or that network security or this and that sample detection.
Gadi Evron,
ge@linuxbox.org.
vendredi 16 février 2007
China detains six men over 'panda' virus
China detains six men over 'panda' virus: "China has detained six men in their twenties for writing or profiting from a computer virus dubbed the 'joss stick burning panda', which has infected more than a million PCs in the country, local media said on Wednesday. The worm wreaked havoc among individual and corporate users in China in a late-2006 outbreak, deleting files, damaging programs and attacking web portals. The virus got its name from changing icons on desktops into cute cartoon pandas, the most famous of which holds three burning joss sticks in his paws."
mercredi 14 février 2007
Mid East Hackers Challenge offers cash prizes
http://www.infosecnews.org/pipermail/isn/2007-February/014305.html
http://www.ameinfo.com/110459.html
February 13, 2007
Hack In The Box (M) Sdn Bhd (HITB) announced that it will be hosting a
Capture the Flag ('CTF') hacking competition during the upcoming
HITBSecConf2007 with cash prizes up for grabs.
The 2-day attack-only competition will be held from 4th - 5th April 2007
at the Sheraton Creek Hotel, Dubai and will run concurrently with a
technology showcase and dual-track security conference. This will be the
second CTF competition to be hosted in the Middle East, with the first
game hosted at HITBSecConf2005 - Bahrain.
Unlike the popular attack-and defense game hosted in its Kuala Lumpur
conference, the version of the game that will be run in Dubai is an
attack only version which sees teams of up to three players race against
each other to attack pre-configured servers and target machines. These
pre-configured servers mimic real-world applications and installations,
such as web servers, email servers, and DNS servers. These machines and
applications contain both publicly known and vulnerabilities that have
been specifically designed for the game. The teams are free to use
whatever technical hacking skills that they have to exploit these
vulnerabilities.
During the two-day event, the team that has collected the most flags
will be adjudged the winner. The CTF competition and prizes are being
sponsored by Malaysian-based SCAN Associates Bhd ('SCAN').
SCAN is Malaysia's premier and trusted Information and Communication
Technology (ICT) security solutions provider. It has the distinction of
being listed on the Mesdaq market of the Kuala Lumpur Stock Exchange
(KLSE) in October 2006. The company has garnered many international
accolades since its incorporation in September 2000. Among them are the
2006 Frost and Sullivan Telecoms Award for Managed Security Service
Provider of the Year; certified ISO 27001 in Information Security
Management System since 2005; and the award of MasterCard Site Data
Protection Compliance Certificate in 2005 for its Security Posture
Assessment module. Its ICT security research findings have also been
acknowledged by Microsoft Inc and US Homeland Security Agency. SCAN is
also the developer and operator of the largest Security Operations
Centre in South East Asia, covering the monitoring and surveillance of
500 security devices for more than 150 organisations. Currently, the
company operates from four different countries, i.e. Malaysia,
Indonesia, Saudi Arabia and the UAE.
"The CTF creates an avenue for hackers to show their skills in an
environment that is both legal and fun. In addition it allows
information security practitioners the opportunity to showcase their
security research capabilities and skills to the rest of the world,"
said Meling Mudin, lead organiser of the CTF competition and a core
member of the HITB team.
'This is evident by the number of serious independent security
consultants, security research and development companies, and security
consulting companies which routinely send their best guys to participate
in the Malaysian competition', he added.
Commenting on the CTF sponsorship, Mr Aminuddin Baki Esa, Group Chief
Executive Officer of SCAN, said 'Our participation in HITBSecConf2007
underlines our commitment to the best brains in network security for the
event in Dubai. We are proud to be the main sponsor for the Capture the
Flag competition as well as the sponsor for the top three cash prizes in
the CTF competition. We hope that the event will help promote greater
awareness of the field of network security, which is one of our core ICT
security offerings, to the region'.
HITBSecConf2007 - Dubai will run for a four-day period from the 2nd till
the 5th of April 2007. The event kicks off with two-days of technical
training sessions followed by a two-day dual-track security conference,
which coincides with a technology showcase and the Capture The Flag
competition.
The conference will see over 20 world renowned security researchers and
features keynote speakers Mikko Hypponen, Chief Research Officer of
F-Secure Corp and Lance Spitzner, Founder of the Honeynet Project.
Hypponen will be speaking on 'Online Crime and Crime Online' on Day 1
while Spitzner will give attendees an inside look at honeypots in a
paper titled 'Honeypots: Today and Tomorrow' on Day 2.
http://www.ameinfo.com/110459.html
February 13, 2007
Hack In The Box (M) Sdn Bhd (HITB) announced that it will be hosting a
Capture the Flag ('CTF') hacking competition during the upcoming
HITBSecConf2007 with cash prizes up for grabs.
The 2-day attack-only competition will be held from 4th - 5th April 2007
at the Sheraton Creek Hotel, Dubai and will run concurrently with a
technology showcase and dual-track security conference. This will be the
second CTF competition to be hosted in the Middle East, with the first
game hosted at HITBSecConf2005 - Bahrain.
Unlike the popular attack-and defense game hosted in its Kuala Lumpur
conference, the version of the game that will be run in Dubai is an
attack only version which sees teams of up to three players race against
each other to attack pre-configured servers and target machines. These
pre-configured servers mimic real-world applications and installations,
such as web servers, email servers, and DNS servers. These machines and
applications contain both publicly known and vulnerabilities that have
been specifically designed for the game. The teams are free to use
whatever technical hacking skills that they have to exploit these
vulnerabilities.
During the two-day event, the team that has collected the most flags
will be adjudged the winner. The CTF competition and prizes are being
sponsored by Malaysian-based SCAN Associates Bhd ('SCAN').
SCAN is Malaysia's premier and trusted Information and Communication
Technology (ICT) security solutions provider. It has the distinction of
being listed on the Mesdaq market of the Kuala Lumpur Stock Exchange
(KLSE) in October 2006. The company has garnered many international
accolades since its incorporation in September 2000. Among them are the
2006 Frost and Sullivan Telecoms Award for Managed Security Service
Provider of the Year; certified ISO 27001 in Information Security
Management System since 2005; and the award of MasterCard Site Data
Protection Compliance Certificate in 2005 for its Security Posture
Assessment module. Its ICT security research findings have also been
acknowledged by Microsoft Inc and US Homeland Security Agency. SCAN is
also the developer and operator of the largest Security Operations
Centre in South East Asia, covering the monitoring and surveillance of
500 security devices for more than 150 organisations. Currently, the
company operates from four different countries, i.e. Malaysia,
Indonesia, Saudi Arabia and the UAE.
"The CTF creates an avenue for hackers to show their skills in an
environment that is both legal and fun. In addition it allows
information security practitioners the opportunity to showcase their
security research capabilities and skills to the rest of the world,"
said Meling Mudin, lead organiser of the CTF competition and a core
member of the HITB team.
'This is evident by the number of serious independent security
consultants, security research and development companies, and security
consulting companies which routinely send their best guys to participate
in the Malaysian competition', he added.
Commenting on the CTF sponsorship, Mr Aminuddin Baki Esa, Group Chief
Executive Officer of SCAN, said 'Our participation in HITBSecConf2007
underlines our commitment to the best brains in network security for the
event in Dubai. We are proud to be the main sponsor for the Capture the
Flag competition as well as the sponsor for the top three cash prizes in
the CTF competition. We hope that the event will help promote greater
awareness of the field of network security, which is one of our core ICT
security offerings, to the region'.
HITBSecConf2007 - Dubai will run for a four-day period from the 2nd till
the 5th of April 2007. The event kicks off with two-days of technical
training sessions followed by a two-day dual-track security conference,
which coincides with a technology showcase and the Capture The Flag
competition.
The conference will see over 20 world renowned security researchers and
features keynote speakers Mikko Hypponen, Chief Research Officer of
F-Secure Corp and Lance Spitzner, Founder of the Honeynet Project.
Hypponen will be speaking on 'Online Crime and Crime Online' on Day 1
while Spitzner will give attendees an inside look at honeypots in a
paper titled 'Honeypots: Today and Tomorrow' on Day 2.
When Malware Attacks Malware
When Malware Attacks Malware: "PetManimal writes 'Researchers say that the Storm Trojan/Peacomm worm has been tweaked to spread via IM programs and attack rival malware. Symantec sounded the alarm, and says that the exploit launches in AOL, Google Talk, and Yahoo Messenger windows that are already open, making it appear to be a legitimate message from a known user. The worm has modified the code from last year's Nuwar worm, and when activated, enables a DDoS attack against any site, including antispam services and servers supporting rival malware: 'Systems hijacked by Peacomm have also conducted DDoS attacks against at least five domains used by the creators of the noted Warezov (or Stration) worm. After a busy September and October, Warezov was credited by some analysts as the genesis of 2006's massive fourth-quarter spike in spam volume.''"
Eight arrested in virus case
Eight arrested in virus case:
BEIJING, Feb. 13 -- Police Monday arrested eight suspects involved in producing and disseminating a severe computer virus, according to Xinhua News Agency.
Police said it was the first case related to the spreading of computer viruses in China.
Li Jun, a 25-year-old hacker from Wuhan, in Central China's Hubei Province, is accused of creating Xiongmao Shaoxiang (Panda burns joss-sticks), a worm that has hit millions of computers in the country since November 2006.
Li told police he programmed the virus on Oct. 16, 2006, and made more than 100,000 yuan (13,000 U.S. dollars) selling it to over 120 people via the Internet both himself and through agents.
The man has also created three other viruses, all of which have wrecked havoc on China's Internet communities.
Apart from Li, five of the other seven suspects, with an average age of 23, are accused of mutating and spreading various computer viruses including Xiongmao Shaoxiang.
Based in different areas of China including Shandong and Zhejiang provinces, these five major suspects are also charged with making illegal profits by stealing accounts of computer games on QQ, an online chatting tool equivalent to ICQ.
Xiongmao Shaoxiang, officially named Worm_Viking, is said to be the top computer killer of the past four months, according to the National Computer Virus Emergency Response Center.
An infected computer will display a blue screen, go through frequent automatic restarts and lose hardware data. All its files are shown as a panda icon. The virus also features a Trojan horse program, which can steal the passwords of computer users.
Police began investigating the virus in the middle of January, with officers from more than 10 regions joining forces to crack the case.
(Source: China Daily)
BEIJING, Feb. 13 -- Police Monday arrested eight suspects involved in producing and disseminating a severe computer virus, according to Xinhua News Agency.
Police said it was the first case related to the spreading of computer viruses in China.
Li Jun, a 25-year-old hacker from Wuhan, in Central China's Hubei Province, is accused of creating Xiongmao Shaoxiang (Panda burns joss-sticks), a worm that has hit millions of computers in the country since November 2006.
Li told police he programmed the virus on Oct. 16, 2006, and made more than 100,000 yuan (13,000 U.S. dollars) selling it to over 120 people via the Internet both himself and through agents.
The man has also created three other viruses, all of which have wrecked havoc on China's Internet communities.
Apart from Li, five of the other seven suspects, with an average age of 23, are accused of mutating and spreading various computer viruses including Xiongmao Shaoxiang.
Based in different areas of China including Shandong and Zhejiang provinces, these five major suspects are also charged with making illegal profits by stealing accounts of computer games on QQ, an online chatting tool equivalent to ICQ.
Xiongmao Shaoxiang, officially named Worm_Viking, is said to be the top computer killer of the past four months, according to the National Computer Virus Emergency Response Center.
An infected computer will display a blue screen, go through frequent automatic restarts and lose hardware data. All its files are shown as a panda icon. The virus also features a Trojan horse program, which can steal the passwords of computer users.
Police began investigating the virus in the middle of January, with officers from more than 10 regions joining forces to crack the case.
(Source: China Daily)
mardi 13 février 2007
Ministry of Internal Affairs: cybercrime stopped in Russia
Ministry of Internal Affairs: cybercrime stopped in Russia: "Cybercrime growth stopped in Russia, - the head of Ministry?s technical operations buro Boris Miroshnikov declared yesterday. He reports 14,000 crimes in hi-tech within 2006, the same number within 2005. 'I may state the growth of computer crime stopped in our country', concluded Boris Miroshnikov."
China Creates Massive Online ID Database
China Creates Massive Online ID Database: "schwaang writes that while the US continues to hash out concerns over the Real ID Act, which aims to create a national ID by standardizing state driver's licenses, China has already implemented a massive online ID database, which they say will help prevent fraud. From the Xinhua English-language site: 'Anyone can now send a text message or visit the country's population information center's website, to check if the name and the ID number of a person's identity card match. If they do match the ID card-holder's picture also appears, said the Ministry, adding that no other information is available to ensure a citizen's privacy is protected. Completed at the end of 2006, China's population information database, the world's largest, contains personal information on 1.3 billion citizens. Giving public accessing to the database is also designed to correct mistakes if an individual discovers that their name, number and picture don't match.'"
Les experts en sécurité et le WIFI ne font pas bon ménage à la RSA Conference
La société américaine AirDefense, spécialisée dans les solutions de sécurité pour le WIFI, a réalisé une étude ( http:[click] ) sur le degré de sécurisation des clients sans-fil (ordinateurs portable, PDA, téléphones portable) utilisés lors de la dernière RSA Conference ( http:[click] ) ; une conférence dont l'édition 2007 s'est tenue du 5 au 9 février à San Francisco
AirDefense a scanné l'ensemble du trafic WIFI échangé lors de la première journée pour un résultat qui ne se trouve pas être en faveur des personnes en présence qui sont censées représenter un pool d'experts ; sur 623 dispositifs recensés plus de la moitié présentaient en effet des risques de compromission soit plus exactement un total de 347.
Outre ces premiers chiffres, on apprend également que la plupart d'entre eux étaient configurés de façon à se connecter automatiquement sur un réseau sans-fil présentant des ESSID comme « linksys » ou « T-mobile » ; la compromission pouvant alors être aisément réalisée avec une attaque de type Man in The Middle via un point d'accès malicieux usurpant les ESSID et cela afin de consulter et de récupérer les ressources partagées de la victime.
Il est également possible, dans ce cas, d'obtenir un accès distant à la machine en combinant cette attaque à des failles propres au système d'exploitation en présence ou par l'intermédiaire des faiblesses liées aux applications tierces installées sur celui-ci. En outre, 70 autres dispositifs présentaient quant à eux le mode AD-HOC pour une connexion de poste à poste avec des SSID comme « Free Public WiFi » « Free Internet Access » et « Linksys ».
Par ailleurs, 30 dispositifs prétendants être des points d'accès ont été identifiés ; parmi eux, deux se présentaient comme étant le point d'accès sans-fil officiel de la conférence dont un allant même jusqu'à fournir un certificat auto-signé. On notera également que 57 types d'attaques différentes (Déni de Service, dé-authentification, ...) ont été observés pendant que 45 adresses MAC étaient usurpées.
La même étude réalisée lors de la seconde journée ( http:[click] ) confirme cette répartition avec 847 machines recensées, soit 25 pour-cents de plus que le premier jour, pour 481 dispositifs faillibles, 87 en mode ad-hoc et 85 types d'attaques différents.
Richard Rushing, CSO d'AirDefense, faisant remarquer à l'issu de cette étude qu'il y a une augmentation massive de l'insécurité des ordinateurs portables et des dispositifs sans-fil et que ironiquement beaucoup d'experts ne prennent pas du tout au sérieux les questions basiques concernant la sécurité même lors de l'un des événements les plus importants de ce domaine ; événement où les risques peuvent être démultipliés de par les compétences de certains acteurs.
AirDefense a scanné l'ensemble du trafic WIFI échangé lors de la première journée pour un résultat qui ne se trouve pas être en faveur des personnes en présence qui sont censées représenter un pool d'experts ; sur 623 dispositifs recensés plus de la moitié présentaient en effet des risques de compromission soit plus exactement un total de 347.
Outre ces premiers chiffres, on apprend également que la plupart d'entre eux étaient configurés de façon à se connecter automatiquement sur un réseau sans-fil présentant des ESSID comme « linksys » ou « T-mobile » ; la compromission pouvant alors être aisément réalisée avec une attaque de type Man in The Middle via un point d'accès malicieux usurpant les ESSID et cela afin de consulter et de récupérer les ressources partagées de la victime.
Il est également possible, dans ce cas, d'obtenir un accès distant à la machine en combinant cette attaque à des failles propres au système d'exploitation en présence ou par l'intermédiaire des faiblesses liées aux applications tierces installées sur celui-ci. En outre, 70 autres dispositifs présentaient quant à eux le mode AD-HOC pour une connexion de poste à poste avec des SSID comme « Free Public WiFi » « Free Internet Access » et « Linksys ».
Par ailleurs, 30 dispositifs prétendants être des points d'accès ont été identifiés ; parmi eux, deux se présentaient comme étant le point d'accès sans-fil officiel de la conférence dont un allant même jusqu'à fournir un certificat auto-signé. On notera également que 57 types d'attaques différentes (Déni de Service, dé-authentification, ...) ont été observés pendant que 45 adresses MAC étaient usurpées.
La même étude réalisée lors de la seconde journée ( http:[click] ) confirme cette répartition avec 847 machines recensées, soit 25 pour-cents de plus que le premier jour, pour 481 dispositifs faillibles, 87 en mode ad-hoc et 85 types d'attaques différents.
Richard Rushing, CSO d'AirDefense, faisant remarquer à l'issu de cette étude qu'il y a une augmentation massive de l'insécurité des ordinateurs portables et des dispositifs sans-fil et que ironiquement beaucoup d'experts ne prennent pas du tout au sérieux les questions basiques concernant la sécurité même lors de l'un des événements les plus importants de ce domaine ; événement où les risques peuvent être démultipliés de par les compétences de certains acteurs.
Report: FBI Loses 3 To 4 Laptops Every Month
Report: FBI Loses 3 To 4 Laptops Every Month: "InfoSec News: Report: FBI Loses 3 To 4 Laptops Every Month: http://www.informationweek.com/news/showArticle.jhtml;?articleID=197005446
By Sharon Gaudin InformationWeek Feb 12, 2007
Three to four laptops are lost or stolen from the FBI every month, according to a report issued this month from the Justice Department's Inspector General. [...]"
By Sharon Gaudin InformationWeek Feb 12, 2007
Three to four laptops are lost or stolen from the FBI every month, according to a report issued this month from the Justice Department's Inspector General. [...]"
How Does The Hacker Economy Work?
http://www.informationweek.com/showArticle.jhtml;jsessionid=FOXHTTKG1GFM0QSNDLOSKH0CJUNN2JVN?articleID=197004939&articleID=197004939
When retailer TJX disclosed Jan. 17 that the computer systems that store data related to credit card, debit card, check, and merchandise return transactions had been broken into, it said it had discovered the hack in December. But security officials at Visa had been seeing an increase in fraudulent activity on credit and debit cards related to TJX properties, such as T.J. Maxx, Marshalls, and HomeGoods stores, since mid-November. That means it's possible the purloined consumer data has been floating around the Internet, available for purchase on black market Web sites and chat rooms, for at least two months, maybe longer.
When retailer TJX disclosed Jan. 17 that the computer systems that store data related to credit card, debit card, check, and merchandise return transactions had been broken into, it said it had discovered the hack in December. But security officials at Visa had been seeing an increase in fraudulent activity on credit and debit cards related to TJX properties, such as T.J. Maxx, Marshalls, and HomeGoods stores, since mid-November. That means it's possible the purloined consumer data has been floating around the Internet, available for purchase on black market Web sites and chat rooms, for at least two months, maybe longer.
W32/Fujacks: Panda Malware Breeders Arrested
http://www.avertlabs.com/research/blog/?p=200
Today, Xinhua News Agency reported the arrest of several suspects believed to have been behind the creation and propagation of the W32/Fujacks file infector worm a.k.a infected files with the Panda icon.
In the article, the official Chinese media cited an announcement from the Public Security Department of the Hubei Province naming 8 suspects including a 25-year old believed to be “WhBoy”, the infamous nickname that is embedded in most variants of W32/Fujacks.
Xinhua’s article in Chinese:
http://news.xinhuanet.com/legal/2007-02/12/content_5731540.htm
Throughout 2006 and continuing into 2007, McAfee Avert Labs has been closely monitoring the trends of cyber criminal activities in Asia. W32/Fujacks, amongst other profit-motivated multi-vector attacks, spiked in 2006 and looks to be a trend that will continue in 2007.
Asian Malware Trend
Between Q3 and Q4 2006, we saw a spike in the number of reported variants of Asian password-stealers and related trojans and file infectors. We blogged about this phenomenon with W32/HLLP.Philis variants in November 2006. What is really beyond these raw figures however is the increasing sophistication of Asian malware threats.
Both W32/HLLP.Philis and W32/Fujacks are more than the usual file infectors. These are multi-vector threats, usually including an aggressive downloader that updates itself frequently, can infect both executable and non-executable files over insecure media such as open network shares and USB drives, thus slipping through the cracks of loosely managed IT policies. Once successful, trusted media files can be further infected with malicious code or hyperlinks through PE file infection, web-based exploits over HTML or media files targeted against unpatched and vulnerable applications.
This approach of attacks on multiple system and user vulnerabilities at multiple layers dramatically increases the criminal opportunities for these malware authors. Indeed, we have seen a comparable rise in number of associated password-stealer variants reported - a considerable source of revenue for the worm seeders.
The lack of law enforcement in China in cyber crime has often been attributed for the rise in malware threats propagating from this region. It is encouraging to see the start of what appears to be the end of the first major case of cyber crime in China with these arrests. At the same time, enterprises need to consistently review and tighten up their current IT strategies to protect against the sophisticated attacks of today.
Today, Xinhua News Agency reported the arrest of several suspects believed to have been behind the creation and propagation of the W32/Fujacks file infector worm a.k.a infected files with the Panda icon.
In the article, the official Chinese media cited an announcement from the Public Security Department of the Hubei Province naming 8 suspects including a 25-year old believed to be “WhBoy”, the infamous nickname that is embedded in most variants of W32/Fujacks.
Xinhua’s article in Chinese:
http://news.xinhuanet.com/legal/2007-02/12/content_5731540.htm
Throughout 2006 and continuing into 2007, McAfee Avert Labs has been closely monitoring the trends of cyber criminal activities in Asia. W32/Fujacks, amongst other profit-motivated multi-vector attacks, spiked in 2006 and looks to be a trend that will continue in 2007.
Asian Malware Trend
Between Q3 and Q4 2006, we saw a spike in the number of reported variants of Asian password-stealers and related trojans and file infectors. We blogged about this phenomenon with W32/HLLP.Philis variants in November 2006. What is really beyond these raw figures however is the increasing sophistication of Asian malware threats.
Both W32/HLLP.Philis and W32/Fujacks are more than the usual file infectors. These are multi-vector threats, usually including an aggressive downloader that updates itself frequently, can infect both executable and non-executable files over insecure media such as open network shares and USB drives, thus slipping through the cracks of loosely managed IT policies. Once successful, trusted media files can be further infected with malicious code or hyperlinks through PE file infection, web-based exploits over HTML or media files targeted against unpatched and vulnerable applications.
This approach of attacks on multiple system and user vulnerabilities at multiple layers dramatically increases the criminal opportunities for these malware authors. Indeed, we have seen a comparable rise in number of associated password-stealer variants reported - a considerable source of revenue for the worm seeders.
The lack of law enforcement in China in cyber crime has often been attributed for the rise in malware threats propagating from this region. It is encouraging to see the start of what appears to be the end of the first major case of cyber crime in China with these arrests. At the same time, enterprises need to consistently review and tighten up their current IT strategies to protect against the sophisticated attacks of today.
vendredi 9 février 2007
Opération YesCard
Opération YesCard: "Un gros réseau de pirates de cartes bancaires démantelé à Lille. Les pirates achetaient des immeubles avec l'argent détourné."
Storm-Worm Gang Attacking the Warezov Gang
Storm-Worm Gang Attacking the Warezov Gang: "Interesting developments going on. The P2P botnet created by Storm-Worm variants has been used to launch Distributed Denial-of-Service attacks. Targets include several domains used by the Warezov/Medbot gang - with names like
adesuikintandefunhandesun.com, esunhuitionkdefunhsadwa.com, shionkertunhedanse.com, huirefunkionmdesa.com et cetera. Also, several antispam organizations have been attacked.Joe Stewart has done a good write-up about this.This is not a good development and reminds us of the Great Virus War fought in 2004.PS - There has been some speculation that these DDoS attacks might be related to the attacks on the root nameservers earlier this week, but we haven't been able to confirm this.
On 09/02/07 At 11:40 A"
adesuikintandefunhandesun.com, esunhuitionkdefunhsadwa.com, shionkertunhedanse.com, huirefunkionmdesa.com et cetera. Also, several antispam organizations have been attacked.Joe Stewart has done a good write-up about this.This is not a good development and reminds us of the Great Virus War fought in 2004.PS - There has been some speculation that these DDoS attacks might be related to the attacks on the root nameservers earlier this week, but we haven't been able to confirm this.
On 09/02/07 At 11:40 A"
Highly privileged malware
Highly privileged malware: "Usually when the media talks about malware, the damage has already been done, with thousands of machines already infected.
Recently, though, discussions of malware have focussed on a program which doesn't even exist - the German goverment's Trojan, which I blogged about back in December...."
Recently, though, discussions of malware have focussed on a program which doesn't even exist - the German goverment's Trojan, which I blogged about back in December...."
New phishing technique discovered
New phishing technique discovered: "A new undetectable phishing tactic has been hijacking the web pages of a major UK bank, according to security vendor Envisional. Until now customers have been able to check a link in an email by moving the mouse over it, thus revealing a fraudulent URL addresses. But this new method
shows..."
shows..."
'Banks could pass on phishing losses to customers'
'Banks could pass on phishing losses to customers': "The failure of customers to secure their own money during internet transactions could potentially lead banks to pass off the responsibility of financial losses back to the customer. User education for online banking customers on how to avoid phishing scams has failed, according to Paul Henry, senior vice president of Secure Computing. This form of commonsense defence has failed to work time and time again, he added."
Chip & PIN relay attacks - Man in the middle style
Chip & PIN relay attacks - Man in the middle style: "Saar Drimer and Steven Murdoch, members of Security Research Team of University of Cambridge Computer Laboratory have introduced their detailed analysis entitled 'Chip & PIN (EMV) relay attacks'.
Link to the very interesting blog posting is here. Picture of the credit card, 'fake terminal' and their device included.
These researchers are the guys behind the Chip & PIN terminal playing Tetris too, YouTube video (49secs) here."
Link to the very interesting blog posting is here. Picture of the credit card, 'fake terminal' and their device included.
These researchers are the guys behind the Chip & PIN terminal playing Tetris too, YouTube video (49secs) here."
Hackers Attack 92,000 Korean Computers
Hackers Attack 92,000 Korean Computers: "InfoSec News: Hackers Attack 92,000 Korean Computers: http://english.chosun.com/w21data/html/news/200702/200702090011.html
Feb. 9, 2007
Some 1,000 Korean Internet sites were attacked, leaving 92,000 Korean computers infected with a malicious computer program, the Korea Information Security Agency (KISA) announced Thursday. [...]"
Feb. 9, 2007
Some 1,000 Korean Internet sites were attacked, leaving 92,000 Korean computers infected with a malicious computer program, the Korea Information Security Agency (KISA) announced Thursday. [...]"
China 'hacking German computers'
China 'hacking German computers': "China is increasingly hacking into the computers of German and other European companies in order to spy on them, Hans Elmar Remberg, vice-president of Germany?s Federal Office for the Protection of the Constitution, warned yesterday. 'We have detected a rising number of hacking attacks by the Chinese recently,' he said. Russia and China were the two countries most actively involved in spying activities in Germany, said Mr Remberg. But while the Russians were still using secret agents, China was mainly active electronically."
jeudi 8 février 2007
RSA 2007: Botnet Live
http://www.vitalsecurity.org/2007/02/rsa-2007-botnet-live.html
"The important thing to remember is, it's NOT Bin Laden sitting in a cave buying fifty scud missiles on EBay". Chris Boyd, Today, in a big room somewhere
......and oh God, it was standing room only as Wayne Porter and I explored the methods of shutting down Botnets without actually bothering with the Botnet that much.
I believe the total audience was around four hundred people (plus a bunch standing at the back), so thanks to all that came along. Also, many thanks to the wonderful lady who asked the question that allowed me to fire out the above Bin-Laden-does-Ebay quote. I don't think I could have coped without it.
See the vaguely Boyd / Porter shaped blur up on the podium? Yeah, that was us.
We tried to keep the purely tech stuff down to a minimum, because let's face it, we've all heard that stuff before and there's only so many ways you can say OMFG BOTNETS ARE TEH BAD.
Instead, we provided a brief overview of the current Botnet hunting landscape, some top tips for getting stuff shut down when it's located in some far flung corner overseas and (most importantly), two case studies that illustrate the ways in which we use social media, storytelling and (my personal favourite) PANIC INDUCING TERROR to kick some ass and take some names.
Featured heavily were the Carder Botnet, and the Q8 Army Botnet.
In both cases, the Botnet itself was only the skeleton upon which a scaffold of buttkicking action was erected. We used all the borderline elements around the outskirts of each Botnet to build up an (almost) complete picture of the people behind it, and get something done about it. We also explored the idea that without even knowing it, one investigation can cause quite the fallout in completely unrelated areas and take down whole groups of people quite unintentionally.
I mean, it's pretty awesome when that happens.
At any rate, there was a whole bunch of material here that wasn't published first time round - there were numerous reasons for this, but going into them would probably mean some guy would try and kill me with cheeswire, and it'd all go a bit Jason Bourne on you.
Of particular note was the thingy in the screenshot - and by thingy, I mean custom built Q8 Army mIRC Tool. It had all sorts of crazy options built into it, and by and large they all did vaguely nasty things.
We were also able to (finally) show many of the Q8 Army sites that we came across during the course of the original investigation.
Many of these sites popped up on (or around) September 11th, 2001 - and yes, you can probably guess the kind of things they contained.
In addition, we tracked these guys back to 2001 (or thereabouts), where they were apparently stealing credit card information to purchase things like satellite equipment, radio / telecommunications gear and second hand PCs.
What they intended to do with all that stuff, we can only speculate. But I mean, it's pretty obvious they're not creating a pirate radio station or donating the PCs to hospitals.
Once again, thanks to everyone who turned up, those who threw in some questions at the end and anyone who came up and said hello.
We had a blast and hopefully we'll be let loose on you all over again.
"The important thing to remember is, it's NOT Bin Laden sitting in a cave buying fifty scud missiles on EBay". Chris Boyd, Today, in a big room somewhere
......and oh God, it was standing room only as Wayne Porter and I explored the methods of shutting down Botnets without actually bothering with the Botnet that much.
I believe the total audience was around four hundred people (plus a bunch standing at the back), so thanks to all that came along. Also, many thanks to the wonderful lady who asked the question that allowed me to fire out the above Bin-Laden-does-Ebay quote. I don't think I could have coped without it.
See the vaguely Boyd / Porter shaped blur up on the podium? Yeah, that was us.
We tried to keep the purely tech stuff down to a minimum, because let's face it, we've all heard that stuff before and there's only so many ways you can say OMFG BOTNETS ARE TEH BAD.
Instead, we provided a brief overview of the current Botnet hunting landscape, some top tips for getting stuff shut down when it's located in some far flung corner overseas and (most importantly), two case studies that illustrate the ways in which we use social media, storytelling and (my personal favourite) PANIC INDUCING TERROR to kick some ass and take some names.
Featured heavily were the Carder Botnet, and the Q8 Army Botnet.
In both cases, the Botnet itself was only the skeleton upon which a scaffold of buttkicking action was erected. We used all the borderline elements around the outskirts of each Botnet to build up an (almost) complete picture of the people behind it, and get something done about it. We also explored the idea that without even knowing it, one investigation can cause quite the fallout in completely unrelated areas and take down whole groups of people quite unintentionally.
I mean, it's pretty awesome when that happens.
At any rate, there was a whole bunch of material here that wasn't published first time round - there were numerous reasons for this, but going into them would probably mean some guy would try and kill me with cheeswire, and it'd all go a bit Jason Bourne on you.
Of particular note was the thingy in the screenshot - and by thingy, I mean custom built Q8 Army mIRC Tool. It had all sorts of crazy options built into it, and by and large they all did vaguely nasty things.
We were also able to (finally) show many of the Q8 Army sites that we came across during the course of the original investigation.
Many of these sites popped up on (or around) September 11th, 2001 - and yes, you can probably guess the kind of things they contained.
In addition, we tracked these guys back to 2001 (or thereabouts), where they were apparently stealing credit card information to purchase things like satellite equipment, radio / telecommunications gear and second hand PCs.
What they intended to do with all that stuff, we can only speculate. But I mean, it's pretty obvious they're not creating a pirate radio station or donating the PCs to hospitals.
Once again, thanks to everyone who turned up, those who threw in some questions at the end and anyone who came up and said hello.
We had a blast and hopefully we'll be let loose on you all over again.
lundi 5 février 2007
Jeux en ligne en Chine : 24 % de croissance annuelle
Jeux en ligne en Chine : 24 % de croissance annuelle: "Les analystes de chez Analysys prévoient une impressionnante croissance du jeu vidéo en ligne chinois d'ici 2010. A l'honneur, les jeux de rôle massivement multijoueurs, qui sont devenus le type de jeu le plus répandu dans l'ancien Empire."
Link Detail: Hacker Geo IP Map
Link Detail: Hacker Geo IP Map: "See recent hacker attacks on this map coded from a blockhosts script which record sshd or proftpd processes are attacked. IP is reversed with GeoIP Lite. For more details see the URL : http://www.programmableweb.com/url/1469"
Robot code cracker beats malware in minutes
Robot code cracker beats malware in minutes: "PC Tools has unveiled a breakthrough in its fight against malware and viruses today with an automated technology, called Threat Expert, that enables businesses such as social networking sites, search engines, security researchers and any other content sharing firm to analyse and decode online threats in a matter of minutes. "We are seeing an explosion of new threats and variations that major anti-spyware and anti-virus companies can't handle. The time it takes to manually decode these dangerous threats means consumers and businesses are vulnerable until threats are decoded and fixes are made," said Simon Clausen, CEO of PC Tools."
Dutch spammer sent 9 billion emails
Dutch spammer sent 9 billion emails: "A spammer whom authorities say emailed more than 9 billion unwanted advertisements for products like erection pills faces a hefty fine: If he needs headache medication or debt relief there?s probably an unsolicited ad in his own inbox. Dutch authorities have levied a $US97,000 fine on an unidentified man for sending 'unsolicited electronic messages to consumers to promote erection enhancement pills, pornographic websites, sex products and such,' the country?s telecommunications watchdog said on Friday in a statement."
FBI Arrests Hacker Siphoning $750,000 A Month Away From Online Game (AHN)
FBI Arrests Hacker Siphoning $750,000 A Month Away From Online Game (AHN): "The U.S.
Federal Bureau of Investigation's (FBI) Anti-Piracy division has arrested a hacker in California who stole the source code for a massively multiplayer online role-playing game (MMORPG) and was running it off of his own servers for a profit...."
Federal Bureau of Investigation's (FBI) Anti-Piracy division has arrested a hacker in California who stole the source code for a massively multiplayer online role-playing game (MMORPG) and was running it off of his own servers for a profit...."
vendredi 2 février 2007
U.S. identity theft losses fall: study
U.S. identity theft losses fall: study: "Americans lost about $49.3 billion in 2006 to criminals who stole their identities, an 11.5 percent decline that may reflect increased vigilance among consumers and businesses, a study released on Thursday shows. Losses declined from a revised $55.7 billion in 2005, according to the third annual study by Javelin Strategy & Research. They had increased in each of the prior two years. The average identity theft fraud fell 9 percent to $5,720 from $6,278, while the median - where half were larger and half were smaller - held steady at $750."
Phishing overtakes spam for the first time
Phishing overtakes spam for the first time: "For the first time the proportion of phishing attacks has exceeded the number of threats from virus or Trojan attacks, according to MessageLabs. The increase in phishing attacks is due to several factors. Firstly, virus attacks have become more targeted and are no longer occurring as one large outbreak. Secondly, online merchants have recently shifted toward deploying two-factor authentication methods which have given rise to 'man-in-the-middle' phishing sites."
Kasperskys on cybercrime: Don't blame the Russian mafia and why we need anti-anti-anti virus software
Kasperskys on cybercrime: Don't blame the Russian mafia and why we need anti-anti-anti virus software: "Russian security professionals Eugene and Natalya Kaspersky dropped by Network World this week en route from Moscow to the RSA Conference in California. In a wide-ranging interview with Features Editor Neal Weinberg, the Kaspersky Lab duo discussed the Russian mafia, the latest in hacker tricks and their view that the bad guys are winning."
Steal This Download
Steal This Download: "David Thomas ran a site for hackers and credit card thieves, while the FBI ran him. Get Kim Zetter's groundbreaking series on the cybercrime underground as a printer-friendly PDF."
jeudi 1 février 2007
South Korean duo arrested for 1.6 bln spam e-mails
South Korean duo arrested for 1.6 bln spam e-mails
SEOUL (Reuters) - Two South Korean computer programmers have been arrested on suspicion of sending out 1.6 billion spam e-mail messages in violation of the country's commerce laws, police said on Tuesday.
The two men, one aged 20 and the other 26, are suspected of sending out the unsolicited e-mail messages between September and December last year in what police describe as one of the biggest spam blasts in the country's history.
The two are suspected of obtaining personal and financial data from 12,000 South Koreans who responded to their spam messages. The pair then sold information on those people to lending services firms in return for 100 million won ($106,400), police said.
Police said they will soon turn over evidence on the pair, who were not named, to prosecutors who will then tell the court what sort of criminal penalties they are seeking against the two.
This kind of spam mailing is causing enormous problems in South Korea and we think these two are responsible for some of the biggest abuses," a police official said by telephone.
Inscription à :
Articles (Atom)