Archives for the Month of November 2007 on Distilled Netsec
Trojan steals usernames and passwords from online gamers
Online gamers, be on guard: a new Trojan named ‘Win32.OnLineGames.dr’ can steal the username and password of your game account, warn the experts at MicroWorld Technologies. ‘OnlineGames.dr’ gets onto computers via offers and help notes posted by crooks in game forums, or by exploiting browser vulnerabilities.
Written in Delphi language, ‘OnlineGames.dr’ injects its DLL component into running processes and places an ‘autorun.inf’ file in the root of each drive to ensure that it gets activated every time a drive is opened.
Once active, it snoops on user activity, steals confidential account information from unwitting victims and sends it to a remote attacker. In a few cases, the Trojan also posts this stolen information to certain malicious websites. With the username and password of a virtual game player in his hand, the Trojan writer can directly log on to the victim’s account and sell off the characters and other goods for real world money.
This Trojan targets ‘Massively Multiplayer Online Role-playing Games’ (MMORPG), particularly the ones like Gamania and Wowtaiwan, meant for the Taiwanese audience. MMORPG is a genre of online computer role-playing games where a huge number of players interact with each other in a fantasy world. Every participant plays the role of a fantasy character and buys and sells fictional goods online, while they also barter stuff among each other. On many websites you can buy goods and characters using actual currency and do vice versa.
source:
http://www.net-security.org/malware_news.php?id=880
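The autorun.inf dropped into every drive root is what lets this Trojan restart whenever a drive is opened, so it is also the easiest artifact for a defender to look for. The following Python script is an added example, not code from the original post or from MicroWorld: it parses an INI-style autorun.inf and flags the directives that can launch a program (`open=`, `shellexecute=`, `shell\<verb>\command=` and `shell=`). The two sample files and the `RECYCLER\setup.exe` path inside them are constructed for the demonstration, not taken from the actual malware.

```python
"""Triage autorun.inf files found at drive roots.

Added example (not from the original post or the MicroWorld write-up).
The Trojan described above drops an autorun.inf into the root of every
drive so Windows launches its payload when the drive is opened. This
script parses such a file and reports the directives that can start a
program. The sample contents below are constructed, not captured.
"""
import os

# Directives in the [autorun] section that run a program directly.
LAUNCH_KEYS = ("open", "shellexecute")

# Constructed sample modelled on the behaviour described in the post.
SUSPICIOUS_SAMPLE = """\
[AutoRun]
; constructed sample, not a real capture
open=RECYCLER\\setup.exe
shellexecute=RECYCLER\\setup.exe
shell\\open\\Command=RECYCLER\\setup.exe
shell=open
"""

# Constructed sample of the harmless use: a custom icon and volume label.
BENIGN_SAMPLE = """\
[autorun]
icon=vendor.ico
label=Backup Drive
"""


def parse_autorun(text):
    """Return {section: {key: value}} for INI-style autorun.inf text.

    Section names and keys are lower-cased so 'Open', 'OPEN' and 'open'
    compare equal. Lines starting with ';' are comments and are skipped.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if current is None or "=" not in line:
            continue
        key, value = line.split("=", 1)
        sections[current][key.strip().lower()] = value.strip()
    return sections


def assess_autorun(text):
    """Return a list of human-readable findings for one autorun.inf."""
    findings = []
    autorun = parse_autorun(text).get("autorun", {})
    for key, value in autorun.items():
        if key in LAUNCH_KEYS:
            # open= and shellexecute= start a program as soon as the
            # drive is opened or AutoPlay fires.
            findings.append(f"{key}= launches {value!r}")
        elif key.startswith("shell\\") and key.endswith("\\command"):
            # shell\<verb>\command= rewires a context-menu verb such as
            # Open or Explore, so even a double-click runs the payload.
            findings.append(f"{key}= rewires a shell verb to {value!r}")
        elif key == "shell":
            # shell= selects which verb is the default action.
            findings.append(f"shell= sets the default verb to {value!r}")
    return findings


def scan_roots(roots):
    """Read autorun.inf from each given drive root; return {root: findings}.

    Roots without the file are skipped. A root whose file exists but
    cannot be read is still reported, so a locked or hidden file does not
    disappear from the results.
    """
    results = {}
    for root in roots:
        path = os.path.join(root, "autorun.inf")
        if not os.path.exists(path):
            continue
        try:
            with open(path, "r", errors="replace") as fh:
                results[root] = assess_autorun(fh.read())
        except OSError as exc:
            results[root] = [f"could not read {path}: {exc}"]
    return results


if __name__ == "__main__":
    for name, sample in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, "->", assess_autorun(sample) or ["nothing launched"])
    # On a real machine, pass the drive roots, e.g. scan_roots(["C:\\", "D:\\"]).
```

Running the two samples shows the difference: the benign file only sets an icon and label and yields no findings, while the constructed malicious file produces four, one per launch directive. An empty result from `scan_roots` on a machine that has been exposed to an infected drive is not a clean bill of health on its own, since the file may be hidden or locked by the running DLL component; the read error branch exists so that case shows up rather than being skipped.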
Malicious Website / Malicious Code: Rock Phish Using YouTube
Websense Security Labs ThreatSeeker has received reports of new malicious code that utilizes the YouTube brand to lure users into running the code.
The attack begins with an e-mail lure written in HTML that invites users to view a video from YouTube. Upon connecting to the site, users are directed to a page that resembles the real YouTube site. The page then reports that the video cannot load and attempts to dupe users into downloading and installing a Flash player.
Source:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=818
Watch out for e-mail hijack scams
I received an interesting e-mail the other day. It was an advertisement for a Web site (i.e. spam) that supposedly offered Swiss watches for sale. Now I get a lot of this type of spam every day, but there was one thing that set this one apart – it was from me!
I displayed the full headers and discovered that the “reply to” field was actually another Yahoo account. I reported the spam to Yahoo, which promptly checked my account and discovered that a spammer was “hijacking” my e-mail address and copying it into the “From” header of the e-mail. Luckily Yahoo Customer Service assured me my account had not been accessed.
source:
http://www.networkworld.com/columnists/2007/111307-yoke-user-view.html?fsrc=rss-columns
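The column above is a reminder that the From: line is just text the sender types; nothing in SMTP checks it. What a receiving filter can compare it against are the headers the transport actually produced. The Python below is an added example, not code from the column or from Yahoo: it parses a message with the standard `email` module and reports the indicators seen in that case, namely From: matching the recipient's own address, Reply-To: pointing somewhere else, and a Return-Path: from a different domain. Both messages are constructed, with `example.com` standing in for the recipient's provider and a TEST-NET address for the relay.

```python
"""Flag mail whose From: header disagrees with the other sender headers.

Added example, not part of the column quoted above. The column describes
spam that carried the recipient's own address in From: while Reply-To:
pointed at a different account. From: is unauthenticated text, so a
filter should compare it with Reply-To: and Return-Path:, which reflect
where replies and bounces actually go. Messages below are constructed.
"""
from email import message_from_string
from email.utils import parseaddr

# Constructed message modelled on the case in the column: self-addressed
# From:, a different Reply-To:, and a bounce address at an unrelated host.
SPOOFED_SAMPLE = """\
Return-Path: <bounce@relay.example.net>
Received: from relay.example.net (unknown [203.0.113.7]) by mx.example.com
From: Reader <reader@example.com>
To: Reader <reader@example.com>
Reply-To: <other-account@example.com>
Subject: Swiss watches - limited offer

Visit our site today.
"""

# Constructed legitimate newsletter: every sender header agrees.
LEGIT_SAMPLE = """\
Return-Path: <newsletter@example.org>
From: Example News <newsletter@example.org>
To: reader@example.com
Subject: Weekly digest

Hello.
"""


def _address(header_value):
    """Return the bare, lower-cased address from a header value ('' if none)."""
    _, addr = parseaddr(header_value or "")
    return addr.lower()


def _domain(address):
    """Return the domain part of an address, or '' if it has none."""
    return address.rsplit("@", 1)[-1] if "@" in address else ""


def spoof_indicators(raw_message, own_addresses=()):
    """Return the reasons this message looks like it forges its From: line.

    own_addresses: the recipient's own mailbox addresses. Mail that claims
    to come from one of them is the case the column describes.
    """
    msg = message_from_string(raw_message)
    from_addr = _address(msg.get("From"))
    reply_addr = _address(msg.get("Reply-To"))
    return_addr = _address(msg.get("Return-Path"))
    own = {a.lower() for a in own_addresses}
    reasons = []
    if from_addr and from_addr in own:
        # The sender copied the recipient's address into From:.
        reasons.append(f"From: {from_addr} is the recipient's own address")
    if reply_addr and reply_addr != from_addr:
        # Replies are steered to an account other than the claimed sender.
        reasons.append(f"Reply-To: {reply_addr} differs from From: {from_addr}")
    if return_addr and _domain(return_addr) != _domain(from_addr):
        # Bounces go to a different domain than the one From: claims.
        reasons.append(
            f"Return-Path domain {_domain(return_addr)} differs from "
            f"From domain {_domain(from_addr)}"
        )
    return reasons


if __name__ == "__main__":
    mine = ["reader@example.com"]
    print("spoofed:", spoof_indicators(SPOOFED_SAMPLE, mine))
    print("legit:  ", spoof_indicators(LEGIT_SAMPLE, mine))
```

None of these checks proves forgery on its own; a mailing list or a bulk sender can legitimately have Return-Path: and Reply-To: that differ from From:. The combination the column describes, where the message is addressed from the reader to the reader but arrives through somebody else's relay, trips all three. The durable fix for this class of spoofing is for the receiver to verify the claimed domain with SPF and DKIM rather than trust the From: text, which is what providers later did.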
It was Patch Tuesday
Seems the UK is progressive on security
A Microsoft executive calls the ease with which two British e-crime specialists managed to hack into a Windows XP computer both "enlightening and frightening."
The demonstration took place Monday at an event sponsored by Get Safe Online, a joint initiative of the U.K. government and industry. At the event, which was aimed at heightening security awareness among small businesses, two members of the U.K. government intelligence group Serious Organized Crime Agency connected a machine running Windows XP with Service Pack 1 to an unsecured wireless network. The machine was running no antivirus, firewall, or anti-spyware software and contained a sample target file of passwords to be stolen.
Is the pot or the kettle black?
Visa allowed TJX to remain non-compliant even though the credit card company knew about major security problems.
Credit card company Visa knew in late 2005 of the extensive security problems at TJX, but decided to give the retailer permission to remain non-compliant through Dec. 31, 2008, according to documents filed in federal court on Nov. 8.
The Dec. 29, 2005, letter from Joseph Majka, a fraud control vice president for Visa, was written months after cyber-thieves had already secretly infiltrated TJX's systems, starting the work that would ultimately become the worst data breach in credit card history.
source:
http://www.eweek.com/article2/0,1759,2215022,00.asp?kc=EWRSS03129TX1K0000614
Major Russian crime hub suddenly dies
One of the Internet's most notorious malware and software exploit hubs, the Russian Business Network (RBN), has suddenly gone offline.
Trend Micro reports that Internet domains associated with the network went down at 7 p.m. Pacific Standard Time on Tuesday, Nov. 6 (3 a.m. GMT Wednesday, Nov. 7), taking with it a network provider accused of hosting some of the worst criminal activities the Internet has to offer, including various high-profile software exploits, voracious Trojan malware, and even hosting sites used for child porn.
Sometimes reality is better than fiction.
Source:
http://www.networkworld.com/news/2007/110807-major-russian-crime-hub-suddenly.html?fsrc=rss-security
Seems that marketing is better than reality
Encrypted E-Mail Company Hushmail Spills to Feds
Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer."
source:
http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html
Wonder if anyone gets caught after they steal identities
NY Indicts 17 on Trafficking, ID Thefts
A grand jury has indicted 17 people and a corporation on charges of identity theft, worldwide trafficking in stolen credit card numbers and other crimes committed using the Internet, prosecutors said Wednesday.
The 173-count indictment, resulting from the second phase of a two-year investigation, says the defendants trafficked in more than 95,000 stolen credit card numbers and caused more than $4 million in credit card fraud.
The defendants ran Internet ads saying they had countless credit card numbers and other identifying information to sell to crooks, according to Manhattan Assistant District Attorney John Bandler. One of their Web sites was titled "The International Association for the Advancement of Criminal Activity."
Source:
http://www.enterprise-security-today.com/story.xhtml?story_id=56583
Multiplying Mac Trojan not epidemic yet
If Mac users thought the Trojan discovered last week was a one-off, they'll need to think again.
Security firm F-Secure has discovered 32 variants of it, but claims about its powers have been wildly overstated, according to experts.
"Looks like the Mac Trojan we posted about last week was not an isolated incident. The gang behind it seems serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the Trojan for the Mac too," Mikko Hypponen, chief research officer at F-Secure, wrote in his blog this week.
Last week, Mac security software vendor Intego discovered a Trojan designed for Mac OS X being distributed via porn sites.
Source:
http://www.news.com/Multiplying-Mac-Trojan-not-epidemic-yet/2100-7349_3-6217540.html?part=rss&tag=6217540&subj=news
Looks like the Mac gets some Trojans
The gang behind it seems serious about targeting Mac users as well as Windows users. And they keep putting out slightly modified versions of the trojan for the Mac too:
source:
http://www.f-secure.com/weblog/archives/00001312.html
Windows Users Getting Bitten by Macrovision Zero Day
Microsoft and Macrovision are working to neutralize a zero-day flaw that could cause a complete system takeover.
Microsoft is working with Macrovision to check out a flaw in a driver on Windows Server 2003 and Windows XP that's being exploited in the wild, according to a Microsoft special security advisory released after business hours on Nov. 5. The danger is complete system takeover.
The vulnerability is in the Macrovision secdrv.sys driver on supported editions of Windows Server 2003 and Windows XP. The affected product is Macrovision SafeDisc, a copy-protection application written for Windows.
source:
http://www.eweek.com/article2/0,1759,2212591,00.asp?kc=EWRSS03129TX1K0000614
Mount Your iPhone Over Wireless
Wouldn't it be nice if you could have your iPhone’s filesystem on your desktop? Well, you actually can using SSHFS. SSHFS, a MacFUSE extension, uses SSH to mount your iPhone over wireless on your Mac. Once your iPhone is mounted, the entire filesystem is available just like any other hard drive on your system. Below is how you can do it
source:
http://security-protocols.com/2007/10/18/mount-your-iphone-over-wireless/
Malware Hunting
Seems there is a NEW batch of nasty malware afoot. I spent part of Sunday doing malware removal on some systems some friends of mine have at their house.
BAD GUYS are now infecting computers with a new type of malware. NOW the bad guys want the user to pay for removal of the MALWARE through the purchase of any number of “malware removal” programs that the malware also puts on the desktop of the infected system. The bad guys are looking to collect your credit card data for resale to others. Seems credit card data, aka track data, is selling for a dollar to twenty dollars depending on the type.
This computer was perfectly fine on Friday, and on Saturday it had a red biohazard background and 3 new malware removal products on the desktop thanks to the malware.
I ran some software to determine how bad the infection was, with some free open source tools:
HijackThis
Lavasoft Ad-Aware
GMER
IceSword
as well as some for-pay products:
The conclusion was that the system had about 150 hidden and hijacked processes running on it. The MALWARE had turned off the antivirus on the system when it was loaded.
I killed a few of the malware processes and Trend Micro AV started to see the infected items but was unable to remove them.
Moral of the story:
Back up your data
Back up your data
I use Carbonite to back up all of my systems, and CASE has arranged for use of this product as well.
After formatting and reloading the system, the system is again behaving well.
Identity Theft?
Yes, even security professionals have issues related to identity theft.
Yes it involves a bank account
Yes it involves an on line merchant
So this is the little yarn. Last night I got an e-mail from amazon.com.
It says that a large electronics purchase was made. Amazon caught that it was BAD by their regular review of my purchasing patterns and the use of reverse address lookup.
Seems that one of my credit card accounts has now been PWND by someone.
Good suggestions for everyone that reads this:
Home shredders
How secure are you from identity theft? For all that we are (and ought to be) worried about hackers and other threats to our electronic information, researchers estimate that 55% of all cases of identity theft are based on information from paper. Could someone find credit card numbers, bank account numbers or social security numbers in your trash?
Garbage left at curbside is considered to be in the public domain. That means it's not illegal for someone to take items out of your trash. And don't think that someone won't go through it just because it's mixed in with the dirty diapers. In many municipalities, all the waste is opened and manually sorted as part of the area's recycling program. In Medina County, for example, your trash is touched by about 20 people between the time you put it in your trash can and it ends at the bottom of the landfill. Your credit card statement is a great temptation.
Home-quality shredders are available for as low as $40. If you don't yet have a shredder at home, you need one. We all need to be concerned with how much of our information can be accessed from our mail, including our credit card and bank statements, and any other piece of mail that may provide confidential information. Anything that has your name, address, phone number or any kind of account number on it should be shredded before discarding. Credit cards should be destroyed by cutting the card across the number.
There are two basic kinds of shredders: strip-cut and cross-cut. Most of the cheaper shredders are strip-cut. They cut the pages into strips between 1/8 and 1/4 inches wide. Cross-cut shredders (also called "confetti-cut") will chop the strips into smaller pieces, and thus provide much greater protection. The other factors commonly used to compare shredders are durability and capacity (how many pages can it shred at a time without jamming).
Note: Keep the shredder unplugged or locked away when young children are around.
