Spam e-mail is nothing new. Most users have figured out ways to combat it either through the use of spam boxes or spam blockers on the e-mail servers themselves. This spam is traditionally sent out via compromised computers that have been pulled together into a botnet. The botnet can be ordered to do whatever nefarious activities its commander wants.
With Windows becoming more secure, however, it has been harder for hackers to gain these computers for botnets. Terry Zink of Terry Zink's Cyber Security Blog on the MSDN noticed something interesting about the spam he has been receiving lately. At the bottom of the message it says "Sent from Yahoo! Mail on Android."
Furthermore, he examined the headers of the e-mail and found "Message-ID: 1341147286.19774.androidMobile(at)web140302.mail.bf1.yahoo.com". I'm sure you can see where this is going. A spammer somewhere has a botnet that lives on Android devices, much like the rumors we've all heard. What's even more interesting is where these devices are located.
Yahoo places the IP of the device in the header so Terry Zink took a gander at where these IPs were located on the globe. The IPs come from Chile, Indonesia, Lebanon, Oman, Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela. The majority of these countries are developing countries and Zink has an explanation:
Once again, Apple's OS X is being confronted with a security risk. The latest backdoor has been discovered by Russian security firm Kaspersky Labs and is being used as part of an Advanced Persistent Threat campaign. This is just the latest in a series of security risks present in the Mac OS X operating system.
Kaspersky researchers found that Uyghur activists in China were being targeted by hackers. These hackers sent e-mails with a compromised attachment that was in the form of a JPEG. The code hidden inside the JPEG was a new form of the MaControl backdoor and is compatible with both the PowerPC and i386 Mac variants.
Costin Raiu, Director of Global Research & Analysis at Kaspersky Lab:
Macs are growing in global popularity, even amongst high-profile people. Many choose to use Mac OS X computers because they believe it's safer. However, we believe that as the adoption increases for Mac OS X, so will both mass-infection attacks and targeted campaigns. Attackers will continue to refine and enhance their methods to mix exploits and social engineering techniques to try and infect victims. Just like PC malware, this combination is commonly the most effective and cybercriminals will continue to challenge Mac OS X users' security, both technically and psychologically.
In case you needed more examples of why the United States needs to focus on cyber security, take a look at a virus discovered in Peru. "ACAD/Medre.A" is a virus that is committing espionage by sending blueprints to China from companies in Peru. It has already stolen tens of thousands of blueprints, according to ESET.
The virus targeted AutoCAD, a primary tool used by industrial designers and architects. It is believed the virus was first distributed to Peruvian companies through an AutoCAD template given to public bodies. The virus was detected several months ago but has only just seen a spike in activity.
The virus sends back blueprints to e-mail accounts provided by two Chinese internet firms, 163.com and qq.com. However, this doesn't prove China or the Chinese were behind the virus. What it does prove is that companies and governments alike need to strengthen their cyber security measures to prevent things like this from happening.
"[It] represents a serious case of industrial espionage," said ESET researcher Righard Zwienenberg. "Every new design is sent automatically to the operator of this malware. Needless to say this can cost the legitimate owner of the intellectual property a lot of money as the cybercriminals have access to the designs even before they go into production."
Flame, a highly sophisticated virus first discovered in Iranian oil refineries, is supposedly the result of a joint U.S. and Israeli effort to slow down Iran's nuclear program, reports The Washington Post. The information comes from multiple Western officials who purportedly have knowledge of the project, but of course want to remain anonymous.
This shouldn't come as a surprise considering the U.S. was revealed to be using the volatile Stuxnet virus, when The New York Times reported on Operation: Olympic Games, a project that used Stuxnet and Duqu, both sophisticated viruses. These viruses targeted Iranian SCADA systems, which allowed their creators to gather intelligence and even control aspects of Iran's nuclear and oil refining facilities.
Stuxnet code has been found within the Flame virus, according to security researchers, which is an unofficial confirmation that the creators of the Stuxnet virus (the U.S. government) are also behind this new nasty virus. Once this was discovered, in Get Smart fashion, the virus began to self-destruct, hastily removing itself from infected computers... not suss, huh?
LulzSec, a hacking group responsible for many hacks last year, has been fairly quiet this year after their leader allegedly worked with law enforcement to bring charges against its members. Now, however, LulzSec Reborn has taken over and started hacking, mainly compromising user accounts and leaking the details.
LulzSec Reborn has had two major hacks this year and otherwise has been quiet. The first was a leaking of 170,000 MilitarySingles accounts on Pastebin and now they are taking responsibility for the leaking of 10,000 Twitter accounts on Pastebin. The latter, today's leak, features much more information than a traditional password hack.
The leak comes in the form of an SQL dump which features usernames, passwords, real names, bios, locations, avatars, security tokens used by the service for authentication with Twitter and the user's most recent Tweet. The hack comes from compromising a third-party site that required the login information to work.
LulzSec Reborn compromised TweetGif, a site which allows users to post animated GIFs to their feed. TweetGif isn't a very large service and only has around 75,000 global visitors. The company's Twitter only has around 700 followers. Often compromises such as this come from third-party services which require a username/password combo to work.
It's not known if LulzSec Reborn features any of the members in the original hacking collective.
A new discovery has been made by a Cambridge University researcher that a chip used by the US military features a security backdoor which could have massive implications for national security. The chip, which was built in China, cannot simply be reprogrammed, as the security backdoor is physically present on the silicon.
Sergei Skorobogatov of Quo Vadis Labs at Cambridge University said:
Our aim was to perform advanced code breaking and to see if there were any unexpected features on the (US Military) chip. We scanned the silicon chip in an affordable time and found a previously unknown backdoor inserted by the manufacturer. This backdoor has a key, which we were able to extract. If you use this key you can disable the chip or reprogram it at will, even if locked by the user with their own key. This particular chip is prevalent in many systems from weapons, nuclear power plants to public transport. In other words, this backdoor access could be turned into an advanced Stuxnet weapon to attack potentially millions of systems. The scale and range of possible attacks has huge implications for National Security and public infrastructure.
Now, let's be fair: it isn't a sure thing that the backdoor was introduced by the Chinese. It's more probable that the backdoor was present in the original design as a debugging tool for the designer. This is a common practice and these backdoors are often present and not malicious.
Microsoft has left an unpatched exploit in Windows 8 Consumer Preview. The exploit works on Windows 7, Windows Server 2008 R2 and Windows 8 Consumer Preview and has been documented and known for a while. The details of the exploit are pretty simple and can be done in under a minute if one is a fast typist.
The general idea behind the exploit is to be able to run an elevated command prompt without even being logged in. It works by making a simple change in the registry so that when Sticky Keys is activated it launches the command prompt instead. The hack is virtually undetectable, as all it involves is a single registry value change.
To do the exploit one only needs to open command prompt once on the target PC and enter the code below. Once done, the hacker can return to the workstation at any point later in time and launch an administrator level command prompt just by pressing shift 5 times in a row. This could be of a serious nature for many different people, especially a business.
REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe" /v Debugger /t REG_SZ /d "C:\windows\system32\cmd.exe"
Microsoft, at the time of writing, has yet to issue a statement regarding the exploit.
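Because the whole trick is one Image File Execution Options value, it is also easy to audit for. The following detector is an added example (not from the article or from Microsoft): it parses the text produced by a `reg export` of the IFEO key and flags any accessibility binary that has a Debugger set. It goes slightly beyond the article by checking the other logon-screen accessibility helpers (utilman.exe, osk.exe, and so on) alongside sethc.exe, since the same hijack applies to them; the registry export embedded below is constructed sample data.

```python
# Accessibility helpers that Windows launches from the logon screen. The article
# covers sethc.exe; the others are the same class and belong in the same check.
ACCESSIBILITY_BINARIES = {
    "sethc.exe", "utilman.exe", "osk.exe", "narrator.exe",
    "magnify.exe", "displayswitch.exe", "atbroker.exe",
}
IFEO_KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
            r"\CurrentVersion\Image File Execution Options")

# Constructed sample of 'reg export' output: one benign IFEO entry (a debug
# flag on notepad.exe) and one Debugger hijack of the kind the article shows.
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000002

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sethc.exe]
"Debugger"="C:\\windows\\system32\\cmd.exe"
'''

def parse_reg_export(text):
    """Parse .reg text into {key_path: {value_name: data}} (string data only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current is not None and line.startswith('"') and "=" in line:
            name, _, data = line.partition("=")
            # .reg files escape every backslash in string data as '\\'
            keys[current][name.strip('"')] = data.strip('"').replace("\\\\", "\\")
    return keys

def find_ifeo_debugger_hijacks(reg_text):
    """Return [(image, debugger)] for accessibility binaries with a Debugger set."""
    prefix = IFEO_KEY.lower() + "\\"
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if not key.lower().startswith(prefix):
            continue
        image = key[len(prefix):].lower()
        if image in ACCESSIBILITY_BINARIES and "Debugger" in values:
            findings.append((image, values["Debugger"]))
    return findings

if __name__ == "__main__":
    for image, debugger in find_ifeo_debugger_hijacks(SAMPLE_REG_EXPORT):
        print(f"ALERT: {image} has IFEO Debugger set to {debugger}")
```

On a real machine, feed it the output of `reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options" ifeo.reg` (read the file with the UTF-16 encoding reg export writes); a legitimate Debugger entry on any of these binaries is rare enough that every hit deserves a look.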
Anonymous have dumped 1.7GB of data belonging to the US Department of Justice, and on the flip side, the DoJ have downplayed the sensitivity of the data siphoned from their website. Anonymous says that the information they have includes "internal e-mails", and "the entire database dump" from the website.
Anonymous' leak was announced alongside a torrent with the 1.7GB of data inside, as well as a statement:
Today we are releaseing [sic] 1.7GB of data that used to belong to the United States Bureau of Justice, until now. Within the booty you may find lots of shiny things such as internal emails, and the entire database dump. We Lulzed as they took the website down after being owned, clearly showing they were scared of what inevitably happened.
Hate pre-installed versions of completely useless software on your PC? Well, take your PC into a Microsoft Store, pay them $99 and they'll install a clean copy of Windows onto your PC for you. Handy. The new program is a branch from Microsoft's "Signature" PC initiative, which sells bloatware-free versions of PCs from Microsoft's partners in Microsoft Stores.
The Redmond-based company is willing to change any computer into a Signature PC, if the customers wish to do so, and bring their PC into a Microsoft Store and pay the $99 fee. Signature PCs sport Microsoft Windows Live Essentials program, the ad-supported Word and Excel-only Microsoft Office Starter Edition, the Microsoft Security Essentials anti-virus package, and Zune media player software.
Users can opt-out of having these programs installed, and can also specify which other third-party browsers or programs get installed. Included is 90 days of free phone support. The only issue I have with this, is Microsoft created this problem (allowing bloatware to be used and installed by OEMs) and are now cashing in on it. But, at least they're trying to dig out of the hole, and not make it deeper, I suppose.
The Mac-based Flashback Trojan caused a world of hurt for some, and really tarnished Apple's mantra of invincibility to viruses and the like. But the maker of the Flashback Trojan saw his wares spread to more than 600,000 Macs across the world.
It's been estimated that the maker of the trojan could've been generating more than $10,000 per day in fraudulent ad clicks. More analysis from Symantec points toward the author of the trojan probably never monetizing the trojan whatsoever.
Even though the trojan made its way into 600,000 machines, the ad-click component of Flashback only crawled into roughly 10,000 machines, less than 2 percent of all those infected. Symantec says that around 10 million fraudulent ads were displayed on the compromised machines, but users only clicked them around 400,000 times. Over three weeks, those 400,000 clicks resulted in around $14,000 for the trojan maker.