
Category: Phishing

October 29th, 2009

Phishing experiment sneaks through all anti-spam filters

Posted by Dancho Danchev @ 2:16 pm

Categories: Botnets, Browsers, Hackers, Phishing, Spam and Phishing

Tags: Anti-spam, LinkedIn, E-mail, Phishing, Cyberthreats, Spam, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

A recently conducted ethical phishing experiment (New study details the dynamics of successful phishing), which impersonated LinkedIn by mailing invitations coming from Bill Gates, has achieved a 100% success rate in bypassing the anti-spam filters it was tested against.

The experiment emphasizes how small-scale spear phishing campaigns are capable of bypassing anti-spam filters, and once again proves that users continue interacting with phishing emails.

More info on the methodology used:

Read the rest of this entry »

October 27th, 2009

Facebook password-reset spam is Bredolab botnet attack

Posted by Ryan Naraine @ 8:27 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Data theft, Denial of Service (DoS), Facebook, Locally Running Web Servers, Malware, Microsoft, Passwords, Phishing, Social Networking Applications, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: Facebook, Spam, Attack, Virus Hunter, Cyberthreats, E-mail, Identity Theft, Security, Viruses And Worms, Online Communications

Virus hunters are raising the alarm for a large-scale spam attack that uses fake Facebook password-reset messages to trick PC users into downloading a dangerous piece of malware.

The malicious executable is linked to the Bredolab botnet, which has been linked to massive spam runs and identity-theft related attacks. Read the rest of this entry »

October 22nd, 2009

Gaping security hole in Time Warner cable routers

Posted by Ryan Naraine @ 9:11 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Exploit code, Java, Mobile (In)Security, Passwords, Patch Watch, Pen testing, Phishing, Responsible disclosure

Tags: Security, Time Warner Inc., Router, Network, Time Warner Cable Inc., Chen, Routers & Switches, Network Technology, Networking, Ryan Naraine

A gaping security hole in cable modems distributed to Time Warner/Road Runner customers could potentially be exploited remotely to access private networks and possibly capture and manipulate private data.

That’s the warning issued by David Chen, a blogger and start-up founder who discovered he could trivially access a customer’s  of Time Warner’s SMC8014 series cable modem/Wi-Fi router combo by simply disabling JavaScript in the browser to access hidden features in the router’s admin interface. Read the rest of this entry »

October 20th, 2009

Google Voice mails exposed for all to see and hear

Posted by Ryan Naraine @ 7:52 am

Categories: Browsers, Google, Hackers, Locally Running Web Servers, Passwords, Phishing, Responsible disclosure

Tags: Google Inc., Telecom & Utilities, Ryan Naraine

A simple search query has exposed Google Voice mail messages (audio and transcript) for anyone to see and hear.

As first reported here, a user entering “site:https://www.google.com/voice/fm/*” into the Google search bar discovered random voice mail messages belonging to random Google Voice accounts (see screenshot below). Read the rest of this entry »

October 9th, 2009

Google patches Android DoS vulnerabilities

Posted by Ryan Naraine @ 11:17 am

Categories: Arbitrary Code Execution, Browsers, Complex Attacks, Data theft, Denial of Service (DoS), Exploit code, Google, Mobile (In)Security, Patch Watch, Pen testing, Phishing, Responsible disclosure, Reverse Engineering, Spam and Phishing, iPhone

Tags: Google Inc., Phone, DOS, Vulnerability, Patch Management, Cell Phone, SMS, SMS Message, Text Messaging/SMS/MMS, Telephony

Google has shipped a new version of the Android open-source mobile phone platform to fix a pair of security flaws that could lead to denial-of-service attacks.

According to an advisory from oCERT, a group that handles vulnerability disclosure for open-source projects, the flaws could allow hackers to render Android-powered devices useless. Read the rest of this entry »

October 6th, 2009

Weak passwords dominate statistics for Hotmail's phishing scheme leak

Posted by Dancho Danchev @ 11:35 am

Categories: Browsers, Data theft, Hackers, Microsoft, Passwords, Phishing, Spam and Phishing

Tags: MSN Hotmail, Password, Phishing, Security, Spam And Phishing, Dancho Danchev

The recently leaked accounting data of thousands of Hotmail users — Gmail has also been affected — obtained through what appears to be a badly executed phishing campaign, once again puts the spotlight on how bad password management practices remain an inseparable part of the user-friendly ecosystem.

According to a statistical analysis of the 10,000 passwords published by Bogdan Calin at Acunetix, 42% of the phished users use lower alpha passwords only (a to z), 19% rely on numbers only, with 22% of the total sampled population using a 6 character password (Live.com’s minimum), followed by 21% of users using 8 character passwords.

Here are the top 10 most commonly used passwords:

Read the rest of this entry »

September 30th, 2009

New botnet hides commands as JPEG images

Posted by Ryan Naraine @ 6:08 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Data theft, Malware, Passwords, Phishing, Spam and Phishing, Spyware and Adware, Viruses and Worms

Tags: JPEG, Trojan Horse, Bot, Spyware, Adware & Malware, Spyware, Viruses And Worms, Security, Ryan Naraine

Security researchers have stumbled on a new botnet that uses an interesting technique to mask its nefarious intentions.

The Monkif/DIKhora botnet, which is pushing out Trojan downloaders to infected machines, is encoding the instructions to appear as if the command-and-control server is returning a JPEG image file, according to SecureWorks researcher Jason Milletary. Read the rest of this entry »

September 30th, 2009

RIM plugs BlackBerry phishing hole

Posted by Ryan Naraine @ 5:48 am

Categories: Browsers, Complex Attacks, Data theft, Hackers, Locally Running Web Servers, Mobile (In)Security, Passwords, Patch Watch, Phishing

Tags: Research In Motion Ltd., RIM BlackBerry, Phishing, Device User, Handhelds, Hardware, Ryan Naraine

Research in Motion (RIM) has shipped a fix for a serious security vulnerability that exposes BlackBerry users to phishing attacks.

The certificate handling vulnerability, which carries a CVSS severity score of 6.8, affects all versions of the BlackBerry device software. The flaw allows malicious hackers to trick BlackBerry device users into connecting to an attacker-controlled Web site, RIM warned in an advisory.

Read the rest of this entry »

September 29th, 2009

Hacker ships tool to circumvent China's Green Dam filter

Posted by Ryan Naraine @ 5:22 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Denial of Service (DoS), Digital rights management, Exploit code, Locally Running Web Servers, Microsoft, Patch Watch, Pen testing, Phishing, Research, Responsible disclosure

Tags: Researcher, Hacker, Tool, Productivity, Government, Security, Ryan Naraine

A security researcher at the University of Michigan has released a tool that helps Chinese computer users disable the censorship functionality of the controversial Green Dam Youth Software.

The Dam Burst utility, created by researcher Jon Oberheide, works by injecting code into a running application and removing the Green Dam hooks that enable it to monitor and block user activity. This effectively restores the running application to its original uncensored state, Oberheide explained. Read the rest of this entry »

September 24th, 2009

Microsoft says Google Chrome Frame doubles IE attack surface

Posted by Ryan Naraine @ 7:00 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Google, Google Chrome, Malware, Microsoft, Pen testing, Phishing

Tags: Google Inc., Microsoft Internet Explorer, Microsoft Corp., Google Chrome, Attack, Web Browsers, Cyberthreats, Spyware, Adware & Malware, Security, Viruses And Worms

Google’s decision to introduce a plug-in that runs Google Chrome inside Microsoft’s Internet Explorer isn’t sitting well with the folks at Redmond.

The Google Chrome Frame, which is presented as a seamless way to bring Google Chrome’s open web technologies and speedy JavaScript engine to Internet Explorer, has increased the attack surface for IE users, Microsoft said today. Read the rest of this entry »

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

