Category: Governments

November 9th, 2009

CBS 60 Minutes tackles cyber-terrorism

Posted by Ryan Naraine @ 7:07 am

Categories: Arbitrary Code Execution, Black Hat, Botnets, Browsers, Data theft, Exploit code, Governments, Hackers, Malware, People's Republic of China, Russia, United States of America

Tags: Cyberterrorism, CBS Corp., Hacking, Security, Ryan Naraine

Could hackers get into the computer systems that run crucial elements of the world’s infrastructure, such as the power grids, water works or even a nation’s military arsenal?  Watch the CBS News 60 Minutes segment after the jump. Read the rest of this entry »

September 29th, 2009

Chinese hackers launch targeted attacks against foreign correspondents

Posted by Dancho Danchev @ 9:26 am

Categories: Adobe, Anti Virus, Botnets, Browsers, Complex Attacks, Exploit code, Governments, Hackers, Malware, Passwords, People's Republic of China, Spam and Phishing

Tags: China, Malware, Hacker, Attack, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

According to an assessment published by the Information Warfare Monitor, Chinese hacktivists (politically motivated hackers) have recently launched a targeted malware attack against foreign news correspondents, attempting to trick them into executing a malware-embedded PDF attachment (Interview list.pdf) that purports to come from a non-existent editor working for The Straits Times.

The attacks coincide with the upcoming nation-wide celebration of the 60th anniversary of the PRC, and appear to be directly connected to the GhostNet cyber espionage network exposed earlier this year.

Key findings of the assessment include:

Read the rest of this entry »

September 23rd, 2009

Scareware scammers hijack Twitter trending topics

Posted by Dancho Danchev @ 6:48 am

Categories: Anti Virus, Browsers, Hackers, Malware, Passwords, Social Networking Applications, Ukraine, Web 2.0

Tags: Twitter Inc., Spamming, Spam, Cyberthreats, Viruses And Worms, Security, Spam And Phishing, Dancho Danchev

Researchers from F-Secure and Sophos are reporting on an ongoing scareware serving campaign abusing the popular micro-blogging service Twitter.

Hundreds of tweets using four different URL shortening services are currently spammed through the automatically registered Twitter accounts, relying on a pseudo-random text generation using Twitter’s trending topics.

Read the rest of this entry »

September 11th, 2009

9/11 related keywords hijacked to serve scareware

Posted by Dancho Danchev @ 12:30 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Ukraine, Web 2.0

Tags: Malware, 9/11 Commission, Keyword, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Anticipating the logical peak of 9/11 related keywords on the 8th anniversary of the attacks, cybercriminals have hijacked the trending topic by occupying thousands of related keywords for the purpose of serving fake security software.

None of the sites are currently marked as harmful by the SafeBrowsing initiative, due to the evasive tactics applied in the campaign, with the majority of them already appearing within the first twenty results.

Is this a deliberate 9/11 themed blackhat SEO campaign, or is it “blackhat SEO for scareware serving purposes as usual” type of campaign?

Read the rest of this entry »

September 10th, 2009

Citizens Financial sued for insufficient E-Banking security

Posted by Dancho Danchev @ 1:12 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Rootkits, Russia, Spyware and Adware, Ukraine, Viruses and Worms

Tags: Electronic Banking, Financial, Two-factor Authentication, Online Banking, Banking, Financial Services, Security, Dancho Danchev

If a fraudulent transaction ever takes place on one of your bank accounts due to their compromise, who’s to blame - the bank, for not providing you as a customer with state-of-the-art security mechanisms that could have prevented it, or you, as a customer whose insecure online behavior led to the compromise in the first place?

In the Shames-Yeakels vs Citizens Financial lawsuit, a couple that lost $26,500 due to a compromised account may have every good reason to blame their bank’s outdated E-banking authentication process, which in 2009 is a combination of an SSL connection plus a user name and a password, with no sign of two-factor authentication in place:

Read the rest of this entry »

September 9th, 2009

'Anonymous' group attempts DDoS attack against Australian government

Posted by Dancho Danchev @ 3:03 pm

Categories: Botnets, Browsers, Denial of Service (DoS), Governments, Hackers, Pen testing

Tags: Government, Crowdsourcing, Distributed Denial Of Service, Security, Dancho Danchev

Following a threat posted on YouTube a month ago, the well-known malicious pattern of the “Anonymous group” failed to materialize earlier today when the group attempted to launch a distributed denial of service (DDoS) attack against the web sites of Australia’s Prime Minister and the Australian Communications and Media Authority as a protest against Internet censorship.

What tactics did they use, why did it fail and who’s behind it? Let’s review the 09-09-2009.org campaign, as well as Operation Didgeridie.

Read the rest of this entry »

August 27th, 2009

The most dangerous celebrities to search for in 2009

Posted by Dancho Danchev @ 1:27 pm

Categories: Anti Virus, Botnets, Browsers, Hackers, Malware, Passwords, Russia, Ukraine, Uncategorized, Web 2.0

Tags: Web, Digg, Malware, Spyware, Adware & Malware, Cyberthreats, Viruses And Worms, Security, Dancho Danchev

Searching for which celebrity has the highest probability of tricking you into visiting a malware-friendly web site?

Last year it was Brad Pitt, but according to this year’s McAfee report “Riskiest Celebrities to Search on the Web”, it’s Jessica Biel related searches that have “one in five chance of landing at a Web site that’s tested positive for online threats, such as spyware, adware, spam, phishing, viruses and other malware”.

Read the rest of this entry »

July 23rd, 2009

China's Green Dam and the cyberwar implications

Posted by Ryan Naraine @ 8:30 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Complex Attacks, Denial of Service (DoS), Exploit code, Governments, Malware, Pen testing, People's Republic of China, United States of America, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Software, China, Vulnerability, Computer, Chinese Internet, Green Dam, Government, Productivity, Tools & Techniques, Internet

Guest editorial by Oliver Day

Chinese military leaders have always been aware of the military advantage the US has over the People’s Liberation Army. Reading through their published assessments of Sino-US war possibilities confirms our belief that we would dominate them in the air, land and sea. However, the PLA was born of asymmetric warfare and this remains a core part of their strategies against any possible wars with the US. Specifically, the PLA writes about the use of cyberwarfare as a means of countering this imbalance.

Read the rest of this entry »

July 2nd, 2009

Manchester City Council pays $2.4m in Conficker clean up costs

Posted by Dancho Danchev @ 7:22 am

Categories: Anti Virus, Botnets, Governments, Hackers, Malware, Microsoft, Patch Watch, Pen testing, United Kingdom, Viruses and Worms

Tags: Infection, Patch Management, Worm, Conficker, Cyberthreats, Security, Patches, Viruses And Worms, Dancho Danchev

How severe can the impact of the Conficker worm be on a single city council that has apparently not put basic security solutions in place?

Pretty severe, according to a recently released report entitled “Service interruption resulting from ICT disruption in February 2009”, which details the financial costs of a Conficker incident affecting Manchester City Council’s network - 1.5 million pounds in clean up costs and lost revenue from the downtime.

Where did all the money go, and can this incident cost be used as an average to draw conclusions from in the long term in respect to assessing Conficker’s financial impact on affected networks? Let’s find out.

Read the rest of this entry »

June 24th, 2009

Remote code execution exploit for Green Dam in the wild

Posted by Dancho Danchev @ 7:52 am

Categories: Anti Virus, Arbitrary Code Execution, Botnets, Browsers, Exploit code, Governments, Hackers, Malware, Metasploit, Patch Watch, People's Republic of China, Vulnerability research, Zero-day attacks

Tags: Web, Flaw, Buffer, Web Site, Security, Viruses And Worms, Marketing, Internet, Dancho Danchev

Green Dam, the Chinese censorware recently exposed as vulnerable to trivial remotely exploitable flaws, has silently patched the security flaws (China confirms security flaws in Green Dam, rushes to release a patch) outlined in the original analysis detailing the vulnerabilities.

However, not only is the latest Green Dam v3.17 version still vulnerable to remotely exploitable flaws, but also, for over a week now a working zero day exploit (Exploit.GreenDam!IK; W32/GreenDam.A) has been circulating in the wild.

Here are more details on the remote code execution flaw in the latest version:

Read the rest of this entry »

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.
