Monday, October 31, 2011

Duqu trojan found in Indian Servers.. :-(

Two workers at a web-hosting company called Web Werks told Reuters that officials from India's Department of Information Technology last week took several hard drives and other components from a server that security firm Symantec Corp told them was communicating with computers infected with Duqu.
The equipment seized from Web Werks, a privately held company in Mumbai with about 200 employees, might hold valuable data to help investigators determine who built Duqu and how it can be used. But putting the pieces together is a long and difficult process, experts said. "This one is challenging," said Marty Edwards, director of the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team. "It's a very complex piece of software."

The Duqu trojan is composed of several malicious files that work together for a malicious purpose. Duqu appears to be more narrowly targeted than Stuxnet: researchers estimate the new trojan has infected at most dozens of machines so far. By comparison, Stuxnet spread much more quickly, popping up on thousands of computer systems. Security firms including Dell Inc's SecureWorks, Intel Corp's McAfee, Kaspersky Lab and Symantec say they found Duqu victims in Europe, Iran, Sudan and the United States. They declined to identify the victims.

Duqu, so named because it creates files with "DQ" in the prefix, was designed to steal secrets from the computers it infects, researchers said, such as design documents from makers of highly sophisticated valves, motors, pipes and switches. Duqu and Stuxnet both use a kernel driver to decrypt and load encrypted DLL (Dynamic Link Library) files. The kernel driver serves as an "injection" engine that loads these DLLs into a specific process. This technique is not unique to Duqu or Stuxnet and has been observed in other, unrelated threats.

"We are a little bit behind in the game," said Don Jackson, a director of the Dell SecureWorks Counter Threat Unit. "Knowing what these guys are doing, they are probably a step ahead."

PTA decides to ban explicit websites

We have learned through reliable sources that PTA has decided to ban explicit websites. The information we have is preliminary in nature; however, officials at PTA have confirmed to us that the authority has taken the decision.
We are yet to ascertain the mechanism and procedures that PTA will adopt for the ban, but it is anticipated that PTA will maintain a list of blacklisted websites based on user input.
This decision is apparently due to the increased social and moral pressure that PTA has come under in recent months. It is a vital decision by the authority that will be welcomed by parents; the reaction from youth may be different. This is a developing story, and we will update it as we get more information.
Update:
We are told by PTA officials that a list of 150,000 websites has been sent to ISPs, mobile phone service providers and international bandwidth providers to get them blocked. The process will take 8 to 10 working days, after which these 150,000 websites will be blocked in Pakistan. PTA is planning to keep updating the list through user input and its own determination.
A Message From HackersMedia:
A Pakistani hacker called Zombie_KSA from the group PakBugs has hacked the website of Pakistan's Supreme Court, leaving the government this message on the site:
[!] Struck By Zombie_Ksa
The Notorious Zombie_Ksa is Back
You Must have Heard about me on, news, headlines, Gov. charges, blogs, blah blah
YES, Pakistan Supreme Court got STAMPED by Zombie_Ksa.
What i can see, I Guess, Supreme Court of Pakistan is in Wrong, Untalented Hands !!
Well Why Did I Choose Supreme Court of Pakistan for HaCkinG ?
Just tO Convey my Message tO Mr Chief So Called Justice Of Pakistan Iftikhar Mohammad Chaudry...
Mr Chief hello0 :D !! Hope So yO Enjoying your full time Luxurious Life.. :D aint u? O.o 
So I am here tO request you to go 0ut there and help the poor,needy and hungry.
They Dont have money to Eat one time Meal 
They dont Have Clothes to wear 
They dont have Accommodation !!
Sitting 0n y0ur r0yal chair w0nt make any changes to 0ur Pakistan
Baby m here tO Tell this mofo World that We are Pakistan ....Not Pornistan... & Sir i need ur help.. Since u have powefull balls and i request you to take action to ban porn sites in Pakistan. Read it again I request you to BAN Pornographic sites in PAKISTAN... PTA is paid whore... they dont give a damn shit about our complains... They can BAN Porn sites... ANd if they dont WTF they are paid for? Mr CJ m again requesting you to take somoto action against PTA. If you dont then i myself will... I will Roast PTA's Asses like I raped FIA... & If they cant or they wont then InshALLAH I will raise the 1337 gr33n flag high and ll Hack PTA like i hacked bef0re =) ...
------------------------------------------------------------------------------------------------------------------
@Webmaster:Mr.Malik Sohail Ahmad The data is intact, no harm done. The index file is only replaced with this message.Well Dude You Don't Know Nothing !! Here in PAKISTAN who has Degree He Is Monster and you Idiot is Webmaster of Supreme Court of PAKISTAN ? Death to U !! Learn Some Serious Shit Insane !!>
We are L33t Pakistani H4x0rZ,
www.Pakbugs.com
------------------------------------------------------------------------------------------------------------------
we are PAKbugs, We keep it real:
   Greetz: Zombie_Ksa | spo0feR | xOOmxOOm | Cyber-Criminal | bh | Agd_Scorp | aB0 m0h4mM3d | The Moorish | Shadow008 |

Anonymous Threatened To Erase Toronto Stock Exchange (TSX) On November 7th

Anonymous, the hacktivist collective, now appears to be backing down from its grandiose promise to "erase" the Toronto Stock Exchange from the Internet on November 7. "The one per cent has been putting their wealth in the Toronto Stock Exchange. This is why we choose to declare war against it," says the literally anonymous Anonymous voice. "On November 7, 2011, TSX shall be erased from the internet." And this is just the beginning. Previously Anon threatened to erase NYSE from the Internet, though that attack failed; Anonymous also threatened to erase FOX News a couple of days ago.
In a video release, Anon said:
"WE HAVE PUT A STOP TO THE OPERATION DUE TO ALOT OF CITIZENS OF CANADA THAT ARE A PART OF THE 99% DID NOT AGREE TO THE OPERATION!
WE ARE TRULY SORRY AND WOULD LIKE YOU TO KNOW WE ARE WITH YOU, AND WE STAND BY YOU WITH YOUR OPINIONS; BECAUSE WE ALL HAVE A VOICE.
THANK YOU."

Anonymous hackers threatening a Mexican drug cartel

Anonymous Mexico is going head-to-head with one of the most dangerous criminal organizations in the world, the Mexican cartel Los Zetas. With this, Anonymous proves that its members are not just common Internet users hiding as cowards behind a keyboard. Not only has Anonymous threatened to reveal names, but it has also started making good on its threats.

Mexican Anonymous hackers are warning a Mexican drug cartel to release one of its members, kidnapped from a street protest, or they will publish the identities and addresses of the syndicate's associates, from corrupt police to taxi drivers, as well as reveal the syndicate's businesses. The website of a Mexican politician suspected of connections to the cartel was defaced, and the page is still defaced as we write; here is what it looks like ("es Zeta" meaning "is Zeta"):

"You made a huge mistake by taking one of us. Release him," says a masked man in a video posted online on behalf of the group, Anonymous. Here is the Spanish-language video put out by Anonymous. As Mike Vigil, a retired head of international operations for the DEA, said following this announcement, the Zetas cartel needs to take Anonymous seriously, because by publishing the names they identify the Zetas cartel members to rivals, who will go after them.

If Anonymous can make good on its threats to publish names, it will "most certainly" lead to more deaths and could leave bloggers and others open to reprisal attacks by the cartel, contends Stratfor, an Austin-based global intelligence company.

Most advanced and dangerous malware for Apple products - Why you should be concerned !

If you are using any Apple product such as an iPhone, iPad or iPod, then you should be concerned. Indian security researcher Atul Alex from MalCon has created an advanced malware for Apple products which can not only intercept users' calls and steal data, but also provide a reverse VNC connection to remotely watch all the actions of the victim.

The malware can be deployed remotely over the web and is supposed to work on the latest iOS 5. Atul Alex, Technical Director of MalCon, said: "Apple products are extremely secure by design. The malware works on jailbroken devices - something which over 90% of users have. If your device is not jailbroken, you have nothing to worry about!"

However, over 90% of users normally jailbreak their devices. iOS jailbreaking, or simply jailbreaking, is the process of removing the limitations imposed by Apple on devices running the iOS operating system through the use of custom kernels. Such devices include the iPhone, iPod Touch, iPad and 2nd Gen Apple TV. Jailbreaking gives users root access to the operating system, allowing iOS users to download additional applications, extensions and themes that are unavailable through the official Apple App Store. A jailbroken iPhone, iPod Touch or iPad running iOS can still use the App Store, iTunes and other normal functions, such as making telephone calls.

The malware boasts the following features:
• Control devices by SMS
• Invisible malware
• VNC server to view the remote screen
• Record and listen to all calls remotely
• Upload / download user data
• Access all mails and texts

The malware will be demonstrated next month at the upcoming International Malware Conference, MalCon, in Mumbai, India. The researcher Atul Alex previously coded and demonstrated a custom malicious firmware for Symbian last year.

Malware for Xbox Kinect created by 15-year-old Indian researcher

Indian researchers from MalCon have created a malware that utilizes Microsoft Kinect to secretly capture pictures and upload them to a Picasa account.

A 15-year-old Indian security researcher, 'Shantanu Gawde' from MalCon Research, has created a malware that utilizes the Microsoft Xbox Kinect controller.
Kinect for Xbox 360, or simply Kinect, is a motion-sensing input device by Microsoft for the Xbox 360 video game console. With over 10 million devices sold to date, the Kinect holds the Guinness world record for the fastest-selling consumer electronics device - and that is exactly why the malware is a concern.

In recent months, there have been a number of innovative Kinect hacks that make use of the Kinect using both open-source drivers and the Kinect SDK. The malware, code-named 'gawde' after its creator's name, works on Windows 7 to secretly capture pictures of the victim and surroundings from a connected Kinect device and uploads them to a Picasa account.

Rajshekhar Murthy, Director at ISAC (Information Sharing and Analysis Center), a scientific non-profit body that holds the International Malware Conference, MalCon, said: "We believe that in coming years, a lot of Windows-based applications will be developed for Kinect and the device will gain further immense popularity and acceptance - and from the perspective of an attacker, such a popular device can be an exciting target for visual and audio intelligence. At MalCon research labs, we promote proactive security research and the malware utilizing Kinect is only a proof of concept."

The Kinect malware 'gawde' goes a step further and even uses voice recognition to execute a program based on a keyword, without the knowledge of the victim. The malware PoC will be demonstrated at the upcoming MalCon 2011 in Mumbai, India.

Anonymous DDOS Oakland police site after violence

Cyber activists associated with Anonymous have targeted the Oakland Police Department (OPD) and other law enforcement agencies that participated in a controversial crackdown against OccupyOakland protestors. A DDoS (distributed denial-of-service) attack against the department's website www.oaklandpolice.com is underway, and the website is currently unreachable.

AnonyOps tweeted: "I'm amazed and proud of #occupyOakland protesters who stood defiant, peaceful in the face of lethal force by Oakland PD." Police fired a number of tear gas canisters, concussion grenades, rubber bullets and non-lethal rounds at demonstrators on Tuesday night, drawing widespread condemnation for the use of heavy-handed tactics against unarmed civilians.

Reports of police violence against Oakland protesters re-emerged Tuesday on the movement's website, occupyoakland.org. The website published statements charging the police with numerous acts of brutality during a recent raid designed to evict protesters from their encampment.

The most seriously injured victim was Scott Olsen, an Iraq War veteran, who suffered a fractured skull after being struck by a police projectile. His condition was upgraded to "fair" today, according to reports. According to the Pastebin document, Anonymous is offering a "no questions asked" $1,000 reward for information about the officer who threw the projectile at Olsen.

Friday, October 28, 2011

Chinese hackers may have attacked U.S. satellites

Suspected Chinese hackers interfered with two U.S. satellites on four separate occasions in 2007 and 2008. On one occasion, the attackers had enough access to take complete control of one of the satellites but chose not to do so, according to a Bloomberg Businessweek story that cites a soon-to-be-published report by a congressional commission.

According to Bloomberg, a Landsat-7 earth observation satellite managed by NASA and the U.S. Geological Survey and a Terra AM-1 satellite managed by NASA were both attacked by hackers thought to be from China. The attackers appear to have gained access to the satellites via compromised ground control systems at the Svalbard Satellite Station in Spitsbergen, Norway, Bloomberg said.

Hackers "interfered" with the Terra AM-1 satellite twice in 2008 - once for about two minutes in June and again for nine minutes in October. The Landsat-7 system, meanwhile, experienced more than 12 minutes of interference in October 2007 and July 2008. The October 2007 attack on the Landsat-7 satellite was discovered only when the July 2008 interference was being investigated.

"Such interference poses numerous potential threats, particularly if achieved against satellites with more sensitive functions," the draft report says, according to Bloomberg. "Access to a satellite's controls could allow an attacker to damage or destroy the satellite. An attacker could also deny or degrade as well as forge or otherwise manipulate the satellite's transmission."

The report does not directly accuse the Chinese government or its military of being behind the attacks. But it does note that the disruptions are consistent with Chinese military strategies that advocate the disabling of enemy space systems and ground-based satellite control systems, Bloomberg said. China's stated strategy in a conflict is to "compromise, disrupt, deny, degrade, deceive or destroy" U.S. space and computer systems, the report says, according to Bloomberg.

A spokesman for the Chinese embassy in Washington is quoted as denying any involvement in the attacks and accusing the commission of collecting unsubstantiated stories for the purpose of "vilifying" China.
Though Chinese officials have denied involvement in such attacks, China has frequently been suspected of being behind cyberattacks against U.S. government, military and commercial targets. Privately, many security experts say that such attacks allow multiple terabytes of sensitive data and IP to be siphoned out of the country. So far, few have been able or willing to substantiate those claims publicly.

In the report, Bronk theorized that China's strategy in any cyberwar will be to degrade and disrupt communications but not to completely disable an opponent's networks. The goal will be to own as much of a network as possible in order to control it when hostilities break out, he said.

Most British students are vulnerable to identity theft: ICO

Launches privacy awareness campaign to inform students how to keep their social lives private

The Information Commissioner's Office (ICO) has revealed that British students are vulnerable to identity theft and that four out of ten students online (42%) are concerned that personal information available about them online might affect their future employment prospects.

Launching its 2011 Student Brand Ambassador campaign, the ICO said, citing YouGov data, that many students are not adequately protecting themselves against the risk of identity theft. It said 1 in 3 (33%) students who have lived at a previous address while at university still have not arranged the redirection of all their important post to their current university address. Over three quarters (76%) have not checked their credit rating in the last year, and two thirds (66%) have never checked it, allowing suspicious credit applications to go unnoticed.

The 2011 Student Brand Ambassador Campaign is a nationwide project aimed at raising young people's awareness of information rights. Students at 15 universities across the UK, including Manchester, Cardiff, Edinburgh and Ulster, have been recruited to promote the ICO's work on campus. Tasks involve spreading the word using social media, generating local media coverage and doing promotional work, said the ICO.

Information Commissioner Christopher Graham said that in tough times, young people are clearly less relaxed about privacy, particularly in relation to information that they post online - but many may not know what they can do about it.

"The Student Brand Ambassador campaign is about arming students with the advice they need to protect themselves from obvious dangers such as identity theft and keeping their social lives private. It's about empowering young people to take back control of their information and I hope the campaign is embraced by students at universities across the UK," Graham said.

Thursday, October 27, 2011

Mario Kart on Facebook? Fast-spreading scam hits many users' accounts


A scam claiming that you can play Mario Kart on Facebook has spread between many Facebook users. The messages read:

Play Mario Kart on Facebook with your Friends! Join the multiplayer mayhem NOW! Click here to play

The messages do not just take the form of public status updates, but have also been distributed via private messages.

If you click on the link (no, not that sort of Link..) you will end up on a webpage which urges you to join the game.

Unfortunately, as soon as you press "Play Now" you'll not find yourself in the middle of a fast-moving road race with all your favourite Nintendo characters, but instead be urged to complete an online survey or competition.

(Note: Some people have reported that this webpage attempts to trick the user into installing a browser extension - clearly under the circumstances that is not to be recommended.)
When I tried one of the surveys from my Facebook test account, I was given the opportunity to "win" an iPhone 5. iPhone 5? Did someone forget to send the scammers the memo? The iPhone 5 doesn't even exist yet.

Unfortunately, Facebook's built-in security systems don't appear to be blocking this scam at this time - giving it plenty of breathing space to trick as many users as possible into taking the online competitions.

And, of course, the more traffic the scammers send to the online surveys and puzzles, the more commission they earn. And the more spam Facebook users find filling up their walls and inboxes.
If you were fooled into participating in this scam, remove the message from your newsfeed, and delete any messages you may have inadvertently shared with your friends. That way at least you are no longer spreading it to your online chums.

Tour de France cheat faces suspended sentence in malware case

In 2006, American cyclist Floyd Landis won the Tour de France. He was subsequently stripped of his title after an anti-doping lab reported it had found unusual levels of testosterone in his body. Landis spent years attempting to overturn the decision, spending millions of dollars in the process, before finally confessing to doping in 2009.

While Landis was still protesting his innocence, however, an anti-doping laboratory based in the suburbs of Paris reported that its systems had been infected with a Trojan horse. The lab in Chatenay-Malabry said that confidential documents related to the doping case against Landis were accessed by the intruders.

Lab director Pierre Bordry claimed that hackers stole data (some of which was allegedly tampered with to make it appear that the samples had not been handled appropriately) in an attempt to discredit tests conducted by his team of scientists. The stolen files were subsequently used as part of Landis's defence at anti-doping hearings.

In 2009, French computer specialist Alain Quiros, who worked for the private investigation company Kargus Consultants, admitted he was hired to hack into the laboratory's systems.
(By the way, Quiros had also admitted hacking into the computers of the environmentalist movement Greenpeace on behalf of EDF, the world's biggest nuclear-reactor operator.)

In addition, the Trojan horse was said to have been traced by investigators to an email sent by Landis's coach Arnie Baker. As Naked Security reported in early 2010, a French judge issued an arrest warrant for Landis - who had finally admitted to taking performance-enhancing drugs - and his now former coach Arnie Baker.
Prosecutors have now called for Floyd Landis to be given an 18-month suspended prison sentence. The same suspended sentence is proposed for Baker.

The key question is whether the French courts can find convincing evidence that connects self-admitted hacker Alain Quiros to Landis. Without that, the wheels may well fall off this prosecution. Both Landis and Baker have denied any involvement in the hacking of the anti-doping lab.

The Pink Profile Pic Facebook virus hoax

Have you noticed that the profile pics of some of your Facebook friends have acquired a pink tinge?
Rumours have hit the social networking site that the Facebook app that turns your profile picture pink carries "keylogger malware" that can spy on your keypresses and steal your passwords - not just for Facebook, but for online banks you may log into as well.

One warning reads as follows:
ABC News 24 just released a statement about a virus on facebook app that adds a pink tinge to your profile picture to `raise money for cancer`.
Be aware this fake third-party app installs a virus on the machine you used to access the app. Apparently its a keylogger malware that searches for bank details and passwords etc. Facebook allows keylogger in its apps to aid predictive search algorithms, and therefore the virus hasnt been picked up.
Keep a look out for any of your friends who may have fallen victim to this app. Apparently, they should be easily identifiable with a pink tinge to their profile picture.
However, the warning is balderdash. ABC News has released no such warning, the app is not malicious and we have seen no evidence that it contains a keylogger. The truth is that your Facebook friends are doing something positive - helping raise money and awareness for the fight against breast cancer.
The Australian bank CUA raises funds every October for Breast Cancer Awareness Month, and this year decided to share an app that would turn users' profile pictures pink to show that they were supporting the campaign.

Remember to always get your computer security advice from a computer security company. Friends may be well-intentioned in passing on warnings, but it's always good to check your facts before forwarding them any further.

So I Googled your name and found.. a Twitter phishing attack!!

Sometimes they claim to have found a funny picture of you, say that you look like you've lost weight, or that there's a horrible blog going around about you.

Whatever the nature of the disguise used by phishing attacks on Twitter, the modus operandi is always the same. Scammers will send you a message, possibly from the compromised account of one of your Twitter followers, and use a social engineering lure to trick you into clicking on a link. And that link will, inevitably, lead to a fake Twitter login page - designed to grab your username and password, which can then be used to send out more spam, or to break into your other online accounts.

Here's the latest attack, which arrives in the form of a Direct Message (DM) from one of your Twitter pals, claiming that they have searched for you on Google and found some "really funny stuff" about you:
so i googled your name and found some really funny stuff about you lol its archived here [LINK]
Would you click on the link? Well, if you were tempted to do so, your web browser would end up on a fake Twitter page just waiting for you to enter your username and password.
And if you do enter your details, you've been phished. Ouch! Hopefully, you're not one of the many people who use the same password on multiple websites - otherwise cybercriminals might not just be able to send spam from your Twitter account, they may also have just been handed the skeleton keys for other parts of your online existence. That could mean that scammers can now steal your personal information for financial gain. If you found your Twitter account was one of those sending out the phishing messages, you shouldn't just change your password and consider whether you are using the same password elsewhere. It's also a sensible time to look again at how you choose your passwords.
For instance, it's important that you don't use a word from the dictionary as your password. It's easy to understand why computer users pick dictionary words, as they're much easier to remember, but they are also much easier for an attacker to guess.

Password security is becoming more important than ever. Make sure that you're taking the issue seriously, or suffer the consequences. There's some other house-cleaning you should do on your Twitter account too. Visit the Applications tab in "Account Settings", and revoke access for any third-party application that you don't recognise.

India's leading telecom company BSNL hacked by Pakistani hacker

A Pakistani hacker, "KhantastiC haX0r", today hacked into the official website of India's leading telecom company, Bharat Sanchar Nigam Limited (BSNL). This is not the first time BSNL has become the victim of a cyber attack. Pakistani hackers hit Indian corporate and national government websites and servers from time to time, just for fun or in the so-called cyber war between the two countries. This year, 2011, attacks and defacements are fewer than in previous years. Most of the hacking groups from India have now become white-hat hackers working for cyber security awareness and development. We wish the same for all Pakistani hackers: to start working for security and development. Anyway, the defaced page is at http://bsnl.co.in/tender1/ .

Android becomes top platform for malware: Kaspersky Lab

Android mobile malicious apps are targeting users' personal data and banking services. Computer security company Kaspersky Lab has revealed that Google's Android platform has established itself as the most popular target for mobile malicious programs, overtaking other platforms as well as 'generic' Java malware.

In September 2011 alone, the number of newly discovered malware samples for Android-based devices increased by more than 30%, according to data from the Moscow-based company. It said that the second half of 2011 has been an active one for cyber criminals, who have been increasingly looking for chances to set up new scams in the mobile device environment. More alarmingly, Kaspersky Lab said, malicious mobile apps are more and more often targeting users' personal data. In October 2011 the share of Android malicious apps trying to steal personal data went up to 34%.

An example of a malicious app distributed through the official store is Trojan-Spy.AndroidOS.Antammi.b. This program, masquerading as a simple app for downloading ringtones, appeared on Android Market. Kaspersky said that the "cover" program is designed for users in Russia, who use it to send text messages to a paid service to receive back the desired tunes. This activity is perfectly legitimate; however, the malicious payload is simultaneously active in the background. Like traditional "desktop" malware, Antammi.b steals almost everything: contacts, texts, GPS coordinates and even photos. The activity log is then sent to the criminal behind the scam via a simple e-mail message, and the stolen data is uploaded to a server.

The company said that the rise in malware on the Android platform is not surprising, given the platform's leading market share, flexibility and openness, combined with lax control over its software distribution. The result is that the share of Android-based malicious programs among all mobile malware is currently higher than 46%, and growing rapidly. More worrying is the fact that mobile malware is also targeting banking services, said Kaspersky Lab.

Wednesday, October 26, 2011

Latest Security Flaw in Skype Enables IP address & Location Tracking



The serious flaw in the widely used internet video chat program means that any malicious computer nerd could easily hunt down users' whereabouts, according to a study co-authored by an NYU-Poly professor.

The flaw in Skype could allow a skilled hacker to find out the IP address from which a user has logged in to Skype, and thereby determine the location of Skype users, which is a massive breach of privacy and security. The company is trying to downplay the flaw, claiming that the ability to derive IP addresses is common to all web-based communication clients.

The flaw can reportedly be exploited without the user's knowledge, and can be executed on a massive scale. The research team demonstrated this by scheduling hourly calls to tens of thousands of Skype users.
Adrian Asher, Skype's chief information security officer, said that IP addresses are easily uncovered in most web communications clients. "Just as with typical Internet communications software, Skype users who are connected may be able to determine each other's IP addresses. Through research and development, we will continue to make advances in this area and improvements to our software," he said.

Japan under Heavy Cyber Attack..!!



          In the last two days, several cyber attacks have breached corporate and national security in Japan. First, the Japanese parliament was hit by a cyber attack from China, according to a report. A server located in China was used for the attack on the Japanese Lower House. This led to an extraordinary meeting of a key subcommittee after it emerged that hackers had access to emails and documents belonging to the chamber's 480 legislators for at least one month.

           The personal computers and servers of Japanese lower house lawmakers have been hit by a cyber attack, and passwords and user IDs may have been stolen.

           Next, information on military aircraft and nuclear power plants may have been stolen in a series of cyberattacks on Japanese defence contractor Mitsubishi Heavy. Mitsubishi Heavy said late last month that 83 computers at 11 of its facilities had been hit by cyberattacks but no leakage of information on products and technologies had been confirmed.

          Christophe Bianco, European general manager at vulnerability management firm Qualys, warned that the revelations raise serious security questions that should concern all organisations. "If this information has indeed been lost it shows that, even for companies acting in sensitive markets where the level of security is normally at the top level, it is difficult for them to protect themselves," he said. "This gives perspective on the challenge currently faced by other private sector organisations that interact with the general public."

Occupy Wall Street : Anonymous Hackers Publish Law Enforcement Data



          Anonymous, the Internet "hacktivist" group, today, apparently in support of the Occupy Wall Street protest movement, hacked into several different police databases and leaked sensitive personal data, among them passwords, names, addresses, phone numbers and social security numbers from the Boston Police Patrolmen's Association (BPPA) and Birmingham, Alabama Police Department, according to several reports. Additionally, Anonymous claims to have hacked the International Association of Chiefs of Police, and offers the above image as proof.

            A press release by Anonymous said that the hack was timed to the IACP meeting as part of a "Day of Action Against Police Brutality." Another document appears to contain about 1,000 user names and passwords belonging to the Boston Patrolmen's Association.

In a video, you can hear a hacker call the Baldwin County sheriff's office to say "your website has been defaced," and admit to the hack. The conversation was uploaded to YouTube. The call, made over Skype, comes from a British man who claims he hacked the website because he was bored, which goes against the wording of Anonymous' press release. Yet another example of how the collective is relatively disjointed.

Hackers leak Citigroup CEO’s personal data after Occupy Wall Street arrests






          The mobile phone number and home address of Vikram Pandit, the chief executive of Citigroup, have been placed on the web by hacking group CabinCr3w in retaliation for the cuffing of protesters at an Occupy Wall Street demo.

           The hackers said in a statement online that they had accessed the data - which also included family information and some financial figures - and uploaded it online in response to events during the recent anti-bank protests on Wall Street.

           "During Occupy Wall Street [protests], protesters had made way to CitiBank to withdraw their funds and close their accounts. They were met with strong police prescence [sic] and arrested," CabinCr3w wrote. "We as american citizens MUST have full control over our money and lively hood [sic]. When this is taken away from us, what else do we have? So the CEO of CitiBank has blindly jumped into the sights of the CabinCr3w".

           Last week, Pandit said he would be happy to meet with Occupy Wall Street protesters, who blame the financial sector for the bad economy and oppose its influence on US politics, and said he understood their concerns. CabinCr3w is responsible for data dumps on other bankers as part of the protest movement, including the CEOs of JP Morgan Chase and Goldman Sachs, as well as a New York police officer who sprayed pepper spray into protesters' faces.

Spammers using shortened URL links to trick anti-spam measures: Symantec

          The October Intelligence Report also discovers a premium rate SMS dialer targeting users in Eastern Europe. Computer security company Symantec has revealed that, for the first time, spammers have established a genuine URL shortening service that is publicly available and will generate real shortened links.

          In the October 2011 Symantec Intelligence Report, the company said that during 2010, 92% of spam emails contained URLs, and that the use of shortened links makes it harder for traditional anti-spam countermeasures to block the messages based on fingerprinting the URL. Legitimate services are much quicker to respond to abuse, and spammers are preying on the knowledge that many people are familiar with shortened links through their use in social media and have developed a false sense of security about them, said Symantec.

          Symantec.cloud senior intelligence analyst Paul Wood said spammers are using free, open-source URL shortening scripts to operate the sites. Wood explained, "After creating many shortened URLs with their own service, the spammers then send spam including these URLs. These particular spammers use subjects designed to attract attention, like 'It's a long time since I saw you last!', 'It's a good thing you came' and so on. This is a common social engineering tactic, and is designed to arouse curiosity, particularly if they have a false sense of security around the safety of shortened links."

          Wood also said that spammers could be setting up their own URL shortening sites since legitimate URL shortening sites have slightly improved their detection of spam and other malicious URLs. "It's not fully clear why the sites are public. Perhaps this is simply due to laziness on the spammers' part, or perhaps an attempt to make the site seem more legitimate," Wood said.
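The evasion described above, as an added example that is not Symantec's or the report's own code: a filter that fingerprints only the URL as written in the message misses a spammer-run shortener, while resolving the redirect chain first (bounded, loop-safe) and flagging unrecognised shortener hosts restores detection. Every domain, URL and redirect in the block is constructed for the demonstration.

```python
"""Added example (not Symantec's code): URL fingerprinting versus resolved
fingerprinting when spam is routed through a spammer-run shortener.
All domains, URLs and redirects below are constructed for the demonstration."""
from urllib.parse import urlparse

# Constructed blocklist of spam landing pages (the URLs a fingerprint filter knows).
SPAM_URL_BLOCKLIST = {
    "http://pills.example/offer",
    "http://lottery.example/claim",
}

# Constructed stand-in for issuing a HEAD request and reading the Location header.
# A spammer-run service mints a fresh short code for every message, so the short
# URLs themselves never repeat and never match the blocklist.
REDIRECT_TABLE = {
    "http://sh0rt.example/a1b2": "http://sh0rt.example/x9y8",   # chained hop
    "http://sh0rt.example/x9y8": "http://pills.example/offer",
    "http://sh0rt.example/c3d4": "http://lottery.example/claim",
    "http://sh0rt.example/loop": "http://sh0rt.example/loop",   # redirect loop
    "http://bit.ly/abc123":      "http://news.example/story",   # benign, known service
}

# Recognised public shortening services (illustrative allowlist, assumed here).
KNOWN_SHORTENERS = {"bit.ly", "t.co", "goo.gl"}

MAX_HOPS = 5  # bound the walk so a loop or a long chain cannot stall the filter


def resolve_chain(url):
    """Follow redirects through REDIRECT_TABLE; returns every URL visited."""
    chain, seen = [url], {url}
    for _ in range(MAX_HOPS):
        nxt = REDIRECT_TABLE.get(chain[-1])
        if nxt is None or nxt in seen:      # end of chain, or a loop
            break
        chain.append(nxt)
        seen.add(nxt)
    return chain


def naive_is_spam(url):
    """Fingerprint only the URL as written in the message body."""
    return url in SPAM_URL_BLOCKLIST


def resolved_is_spam(url):
    """Fingerprint every hop, so the final landing page is what gets matched."""
    return any(hop in SPAM_URL_BLOCKLIST for hop in resolve_chain(url))


def is_unknown_shortener(url):
    """True when a link redirects but its host is not a recognised shortening
    service: the signature of a shortener the spammers operate themselves."""
    host = (urlparse(url).hostname or "").lower()
    return url in REDIRECT_TABLE and host not in KNOWN_SHORTENERS


def classify(url):
    """Combined verdict for one URL pulled from a message body."""
    if resolved_is_spam(url):
        return "block"
    if is_unknown_shortener(url):
        return "suspicious"
    return "allow"
```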

          During October, Symantec Intelligence also discovered a premium rate SMS dialer targeting users in Eastern Europe. The dialer app attempts to pass itself off as a legitimate application by imitating the brand of a popular VoIP/messaging application. "Premium SMS dialers have started appearing on the mobile threat landscape more often, especially in Eastern Europe. It is no surprise that the authors responsible for using this lucrative revenue source appear to be evolving their tactics and moving to newer platforms," Wood said. The report also said that the UK had the highest ratio of malicious emails in October, with one in 146.4 emails identified as malicious.

SpyEye banking trojan: now with SMS hijacking capability

          The SpyEye banking trojan has acquired the ability to reroute one-time passwords sent to victims' cellphones, a measure that bypasses protections more and more financial institutions are adopting.
According to a blog post published Wednesday by a researcher from security firm Trusteer, SpyEye was recently observed trying to trick victims into reassigning the cellphone number they use to receive one-time passwords from their banks by SMS, or short message service.

           The social-engineering ploy is contained in fraudulent pages injected into their online banking sessions that falsely claim they have been assigned a unique telephone number dedicated for that purpose and a special SIM card will be received in the mail shortly. SpyEye injects this message (translated from Spanish) into some victims' online banking session.

           “Now the fraudsters can receive all future SMS transaction verification codes for the hijacked account via their own telephone network,” Trusteer researcher Amit Klein wrote. “This allows them to use the SMS confirmation system to divert funds from the customer's account without their knowledge, while not triggering any fraud detection alarms.”

           As the cost of online banking fraud has skyrocketed, many financial institutions have embraced the use of out-of-band authentication to reduce the effectiveness of SpyEye, ZeuS, and other trojans that steal online banking credentials entered into infected computers. The protections work by requiring customers to enter a one-time password sent by the bank to their phone before a large transaction is completed. The additional step often foils bank fraud even if a crook has the victim's user name and password.

           In true cat-and-mouse fashion, malware developers have responded by building new features that bypass these countermeasures. SpyEye, which recently merged with the ZeuS codebase, has been one of the leaders in figuring out new ways to defeat such countermeasures. Last month, SpyEye operators began bundling it with malware that intercepts one-time passwords sent by SMS. SpyEye has been observed doing much the same thing to BlackBerry users, as well. The fraudulent message claiming the cellphone number must be reassigned is injected into victims' online banking sessions by the SpyEye malware infecting their machines.
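The number-reassignment trick above, as an added example that is not Trusteer's or any bank's code: a toy model of the OTP-delivery flow with the weak phone-change path (the number is accepted as submitted, so the transfer OTP lands with the fraudster) beside a hardened one that confirms the change through the old number and holds large transfers for a cooling-off period after any change. Phone numbers, amounts, the hold period and the threshold are constructed assumptions.

```python
"""Added example (not Trusteer's or a bank's code): weak versus hardened
handling of a request to change the phone that receives transaction OTPs.
Phone numbers, amounts and time windows are constructed for the demonstration."""
import secrets
from datetime import datetime, timedelta

HOLD_PERIOD = timedelta(days=3)     # assumed cooling-off window after a number change
LARGE_TRANSFER = 1000.0             # assumed threshold for holding a transfer for review


class Account:
    def __init__(self, phone):
        self.phone = phone                 # number that receives transaction OTPs
        self.phone_changed_at = None       # when the number last changed
        self.pending_change = None         # (new_phone, confirmation_code)


class SmsGateway:
    """Constructed stand-in for an SMS sender: it only records what was sent."""
    def __init__(self):
        self.sent = []                     # list of (phone, text)

    def send(self, phone, text):
        self.sent.append((phone, text))


def weak_change_phone(acct, new_phone, now):
    """Weak path: the submitted number is accepted outright. A victim following
    the injected 'you have been assigned a new number' page hands OTP
    delivery to the fraudster."""
    acct.phone = new_phone
    acct.phone_changed_at = now


def request_phone_change(acct, new_phone, gw, now):
    """Hardened path, step 1: confirm through the channel the fraudster does
    not control, the OLD number."""
    code = f"{secrets.randbelow(10**6):06d}"
    acct.pending_change = (new_phone, code)
    gw.send(acct.phone, f"Confirm the change of your OTP number with code {code}. "
                        "If you did not request this, call the bank.")


def confirm_phone_change(acct, code, now):
    """Hardened path, step 2: apply the change only when the code delivered
    to the old number is presented."""
    if acct.pending_change is None or not secrets.compare_digest(acct.pending_change[1], code):
        return False
    acct.phone, acct.pending_change = acct.pending_change[0], None
    acct.phone_changed_at = now
    return True


def authorize_transfer(acct, amount, gw, now):
    """Decide how a transfer is verified: large transfers shortly after an OTP
    number change are held for out-of-band review instead of trusting the
    freshly changed number; otherwise an OTP goes to the number on file."""
    recent_change = (acct.phone_changed_at is not None
                     and now - acct.phone_changed_at < HOLD_PERIOD)
    if amount >= LARGE_TRANSFER and recent_change:
        return "hold"
    gw.send(acct.phone, f"Your transfer code is {secrets.randbelow(10**6):06d}")
    return "otp_sent"


def demo():
    """Walk the scenario under both designs; returns (who got the transfer OTP
    in the weak design, who got the confirmation in the hardened one, and the
    hardened decision for a large transfer one day after a confirmed change)."""
    now = datetime(2011, 10, 26, 9, 0)
    victim_phone, fraud_phone = "+34-600-000-001", "+34-600-999-999"  # constructed

    weak, gw1 = Account(victim_phone), SmsGateway()
    weak_change_phone(weak, fraud_phone, now)
    authorize_transfer(weak, 50.0, gw1, now + timedelta(hours=1))
    weak_recipient = gw1.sent[-1][0]

    hard, gw2 = Account(victim_phone), SmsGateway()
    request_phone_change(hard, fraud_phone, gw2, now)
    confirm_recipient = gw2.sent[-1][0]
    # Stands in for the legitimate user reading the code off their existing phone.
    confirm_phone_change(hard, hard.pending_change[1], now)
    decision = authorize_transfer(hard, 5000.0, gw2, now + timedelta(days=1))
    return weak_recipient, confirm_recipient, decision
```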

Tuesday, October 25, 2011

Anonymous disabled more than 40 child pornography websites


          Hacktivists from Anonymous took control of 40 websites with child pornography and disclosed the list of 1,500 claimed users of the sites on Pastebin.

          In their message on Pastebin hackers described the way they found a darknet site named Hidden Wiki, an index of sites concealed from casual internet users and search engines. Anonymous found a section “Hard Candy”, dedicated to child porn, while examining Hidden Wiki. In their statement hackers said: "We then removed all links on the website, within 5 minutes the links were edited back in by an admin. For this reason, we will continue to make the Hidden Wiki unavailable."

          Afterwards the hackers spotted a company called Freedom Hosting, which appeared to be "the largest collection of child pornography on the Internet." Anonymous asked the company representatives to remove the illegal content from their server, but they refused to do so. After the refusal, Anonymous went into action, infiltrating the shared hosting server of Freedom Hosting and shutting down the services to all clients. But within several hours the Freedom Hosting administration restored from their backups and renewed services to child pornography clients. After issuing a number of new warnings, to which there was no reaction from Freedom Hosting, Anonymous once again shut down the company's services.

          Anonymous claim that Freedom Hosting is now "#OpDarknet Enemy Number One" and that they will continue taking down sites that share child pornography. "This statement is not just aimed at Freedom Hosting, but everyone on the Internet. It does not matter who you are, if we find you to be hosting, promoting, or supporting child pornography, you will become a target", they warn. Anonymous demand that child porn be completely removed from the Internet. They say the companies must stop providing hosting services to any website dealing with child pornography.

Android malware under blog control says Trend Micro

          Trend Micro is reporting a Chinese Android malware that operates partly under the command and control of a blog. The ANDROIDOS_ANSERVERBOT.A malware is disguised as an e-book reader offered on a third-party Chinese app store. It uses two command and control servers, one of them served out of a blog with encrypted posts. Posts to the blog identify the URL of the primary C&C server.

          This presumably gives the malware's makers a handy way to move their C&C server around to avoid detection. The blog also hosts new copies of ANDROIDOS_ANSERVERBOT.A which are downloaded when the software connects (see Trend Micro's flowchart for the process).

          The security company also notes that upon installation, the supposed e-book reader asks for an unreasonable number of permissions – should the user be foolish enough to allow installation after reading the permission requests, the malware can access network settings and the Internet, control a device's vibration alert, disable key locks, make calls, read low-level logfiles, read and write contact details, restart apps, wake the device, and use SMS.

          Targeted at Chinese users, the app also disables security software from Qihoo360 and Tencent, among others. Android security has been increasingly under a cloud, with scrambling for a fix after turning its phones into data-spewing monsters; a banking Trojan designed to intercept security texts; a security researcher discovering a dozen malicious apps on the official Android market; and earlier this month, Google was criticized as ignoring a bug that allowed malware to be installed without warning.

German Police Used Trojan to Tap Skype Calls and IM Chats

          German researchers captured and analyzed a new Trojan horse which they claim might be used by police to tap Skype calls and IM messages. According to German law it is legal to use a "Bundestrojaner" ("Federal Trojan"), which has been used by police to record VoIP traffic for many years. The new R2D2 (0zapftis) Trojan can also download updates from the internet, log keystrokes, take screenshots and record IM chat conversations.

          The German chancellor's press secretary denied that the R2D2 trojan has been used by the BKA, the German Federal criminal police. This denial has failed to stem speculation. One popular theory is that the Trojan might have been created by Digitask for the Bavarian government. Such speculation is interesting, though not based on any evidence outside of papers released by WikiLeaks suggesting Digitask had at least offered to create this sort of software.

          The R2D2 name comes from a string of ASCII, "C3PO-r2d2-POE", found in the mystery Trojan. Likewise, the 0zapftis name also appears, a phrase meaning "the barrel is open" that's used by the Munich mayor in opening Oktoberfest every year.  According to Mikko Hypponen (F-Secure): “It's not well written. Which, I guess, makes it *more* likely it's developed by a Government...”

Update
          Bavaria, Baden-Württemberg, Brandenburg and Lower Saxony have all reported use of the R2D2 Trojan "within the parameters of the law." Joachim Herrmann, interior minister for Bavaria, promised to conduct a review into the software's use in order to ensure that it complied with the Bundesverfassungsgericht's 2008 ruling on the use of Quellen-TKÜ technology, while justice minister Sabine Leutheusser-Schnarrenberger called for a joint investigation between state and federal government.
While use of the R2D2 Trojan by local law enforcement agencies - known as Landeskriminalamt, or LKA - has been confirmed, an official statement from the Interior Ministry denies that any such tool was being used at a federal level by the BKA.

Monday, October 24, 2011

Hackers using Gaddafi news to send malware

          Email claims to be from 'AFP Photo News', offers 'bloody photos' of Gaddafi's death. Spammers and cybercriminals are using the death of Libyan dictator Muammar Gaddafi, and Agence France-Presse (AFP) photos as bait, to trick Internet users into downloading malware. Computer security firm Sophos has warned that cybercriminals are spreading an email that looks like a forwarded message. The mails sometimes have "AFP Photo News" pictures of a bloodied Gaddafi.

          "In reality, opening the attached file on a Windows computer puts PCs at risk of malware infection," Sophos said. Sophos senior technology consultant Graham Cluley said the "death of Libyan dictator Colonel Gaddafi has almost inevitably resulted in cybercriminals taking advantage of the news story, and the general public's seeming interest in viewing ghoulish photos and videos of his last moments." "Hackers have spammed out an attack posing as pictures of (Kadhafi's) death, tricking users into believing that they came from the AFP news agency and are being forwarded by a fellow Internet user," Cluley said.

           Cluley added that the email claims to be from "AFP Photo News" and offers "bloody photos" of Gaddafi's death. The subject in a detected email with malware reads: "Fw: AFP Photo News: Bloody Photos: Libya dictator Moammar Gadhafi's Death", while the message body reads: "Libya dictator Moammar Gadhafi's Death "Libyan dictator Moammar Gadhafi, the most wanted man in the world, has been killed, the country's rebel government claimed Oct. 20. The flamboyant tyrant who terrorized his country and much of the world during his 42 years of despotic rule was cornered by insurgents in the town of Sirte, where Gadhafi had been born and a stronghold of his supporters.

          "Attached file: Bloody Photos_Gadhafi_Death.rar "

          Sophos has said that Windows computer users who decompress the attached file are putting their PCs at risk of infection. The RAR archive file creates a malicious file called: "Bloody_Photos_Gadhafi_Death\Gadhafi?rar.scr", warned Sophos. AFP has said that it has sent no such email, and has urged Internet users to avoid opening the email and to update or apply their security settings.

Microsoft recovers from Microsoft's official YouTube channel hack.. :-)

          Hackers have taken control of Microsoft's official YouTube channel, removed the company's videos and replaced them with ones of their own.
Microsoft's hacked YouTube channel
          At the time of writing, the hackers are still uploading new videos to the channel. The ones we have seen so far are typically three or four seconds in length, and typically call on other internet users to post video responses, create new background images for the channel or provide sponsorship.
Another brief video, entitled "Bingo", shows an animated character from what appears to be the "LA Noire" videogame by Rockstar Games, shooting another character in the head.
A message posted on the channel cryptically reads:
"I DID NOTHING WRONG I SIMPLY SIGNED INTO MY ACCOUNT THAT I MADE IN 2006 :/"
        It seems unlikely that the change to the YouTube channel is a bizarre publicity stunt by Microsoft. After all, what would be the sense in deleting its archive of past videos, many of which are embedded on third-party sites around the world? Although there are no details yet about how hackers managed to gain control of Microsoft's YouTube account, the obvious suspicion has to be that a Microsoft employee who had administrative rights over the channel was careless with their password.
One YouTube user, however, has left a comment on one of the videos describing his theory on how Microsoft's YouTube account was compromised:
    This is how he "hacked" the channel:
He legitimately made the account Microsoft when YouTube wasn't that big but the REAL Microsoft probably asked YouTube to disable it and give it to them. The flaw is that this account was probably still linked to this kid's email and Microsoft forgot to change it or whatever.
So all this kid had to do was recover this account using his old email.
Not that hard. That's probably how the other big Channels got "hacked".
Thumbs this up so people can see!
          If that's true, then it's a colossal foul-up by YouTube that may concern other well-known brands who have established presences on the video network. Regardless of how the hack occurred, it's embarrassing and inconvenient for Microsoft. The attack comes just a week after hackers broke into the Sesame Street YouTube channel, and replaced its child-friendly content with hardcore pornographic movies.

Data breach more stressful than divorce, say IT managers

          IT managers feel that getting a divorce or losing their job is less stressful than looking after company confidential data.  New research by Websense, a content security and data theft protection company, has found that for IT managers the stress of managing their company confidential data is greater than divorce, managing personal debt, or a minor car accident.

          Websense commissioned independent research firm Dynamic Markets to survey 1,000 IT managers and 1,000 non-IT employees in the US, UK, Canada, and Australia about the latest threats to corporate and personal security, including modern malware and advanced persistent threats (APTs). The research revealed that IT managers are feeling the pressure and saying that data loss incidents put their jobs on the line. The study also highlighted that serious data breaches have occurred compromising CEO and other executives' data, confidential customer data, and data necessary for regulatory compliance.

          In the survey, 72% said protecting company data is more stressful than getting a divorce, managing personal debt, or being in a minor car accident. 14% said losing their job would be less stressful than staying in their current role. In the poll, 86% said that their job would be at risk if a security incident were to occur, including if a CEO or other executive's confidential data is breached (36%); data needed for compliance is lost (34%); and if confidential information is posted on a social networking site (34%). Nearly 37% said that data has been lost by employees. The study found about 20% stating that data affected by regulatory compliance was compromised. While 20% have seen confidential information posted on social networking sites, 34% of employees who accidentally compromise data wouldn't tell their boss.

          However, Websense said that help is on the horizon. It said data security talk now involves top management. 91% of IT security managers report that new levels of management have engaged in data security conversations in the last year, including the head of IT (43%), managing director (38%), and CEO (33%). This means that until recently, the head of IT was often not involved, said Websense. Websense senior director of Product Marketing Tom Clare said the survey shows that companies need to recalculate their assumptions about how well their data is protected.

          "When asked about real-time protection solutions in place, many respondents listed product and vendor names that don't offer real-time protection at all," Clare said. He continued, "Advanced threats are using attack elements and methods that AV was not designed to address -- and are written and tested specifically to bypass AV. Companies need a robust, layered security strategy -- like our Websense TRITON solutions -- that can truly protect them from modern malware in the wild and effectively keep their confidential data protected however it's being used."

Duqu, Stuxnet are different worms: Kaspersky

          It is believed the Stuxnet virus was originally developed to disrupt Iran's nuclear programme. Analysis by computer security experts has shown that the worm exploited no fewer than four previously unknown vulnerabilities in Microsoft Windows to take over industrial control systems, making it more sophisticated than any virus seen before. Once inside a Windows system, the self-replicating code looks for connections to Siemens industrial control systems, exploiting more vulnerabilities in Siemens' own operating system to make clandestine adjustments to industrial processes.

          Stuxnet targeted industrial control systems sold by Siemens that are widely used around the globe to manage everything from nuclear power generators and chemical factories to water distribution systems and pharmaceuticals plants. The worm first came to light late last year after studies showed a likelihood of a "nation state" being behind the worm meant to target Iran's nuclear programme. In April, Iran claimed that Siemens helped the US and Israel to launch the computer worm Stuxnet against its nuclear facilities. Homeland Security and Idaho National Laboratory analysts are trying to find ways to fight the worm. But the origin of the worm is still unknown.

          Earlier, Ralph Langner, one of the first researchers to show the working of the sophisticated malware, had revealed that he believes Mossad is involved, but the US is the leading source of the worm. Last week, computer security company Symantec revealed that a research lab had discovered a new malicious code that "appeared to be very similar to Stuxnet." Symantec had said, "The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

          "Parts of Duqu are nearly identical to Stuxnet, but with a completely different purpose. Duqu is essentially the precursor to a future Stuxnet-like attack," Symantec had said. Kaspersky Lab said the Duqu worm was first detected in early September 2011, after a user in Hungary uploaded one of the components of the malware to the Virustotal website, which analyses infected files with anti-virus programs of different manufacturers. The company added, "However, this first-detected sample turned out to be just one of several components that make up the whole of the worm. A little later, in a similar way, the Kaspersky Lab anti-malware experts received a sample of another module of the worm via Virustotal, and it was specifically its analysis that permitted finding a resemblance with Stuxnet."

          The Moscow-based Kaspersky Lab believes that though there are some overall similarities between the two worms, Duqu and Stuxnet have some significant differences. Kaspersky Lab experts started to track several variants of Duqu in real time through infection attempts by the worm among users of the cloud-based Kaspersky Security Network. The company said it was surprised to find that during the first 24 hours only one system had been infected by the worm. Stuxnet, on the other hand, infected tens of thousands of systems all around the world; it is assumed that it had, however, a single ultimate target - industrial control systems used in Iran's nuclear programs.

          The ultimate target of Duqu is as yet unclear. What is alarming in this case however is that the ultimate objective of Duqu remains unknown, said Kaspersky Lab. The security experts at Kaspersky Lab found that the only infection with the worm among users of the Kaspersky Security Network was an infection with one of the several modules that presumably make up the Duqu worm. The company said instances of infection by the second module, which is, in essence, a separate malicious program - a Trojan-Spy - have not yet been found. It is specifically this module of Duqu that possesses the malicious functionality - it gathers information about the infected machine and also tracks key strokes made on its keyboard, warned Kaspersky Lab.

          Kaspersky Lab chief security expert Alexander Gostev said, "We've not found any instances of infections of computers of our clients with the Trojan-Spy module of Duqu. This means that Duqu may be aimed at a small quantity of specific targets, and different modules may be used to target each of them."
Kaspersky Lab said one of the yet-to-be-solved mysteries of Duqu is its initial method of penetration into a system: the installer or "dropper" needed for this has not yet been found.