Saturday, 31 January 2015

f0xy Malware: "Malware Hides By Using Microsoft BITS Download Service"


Researchers have discovered a malware specimen that Microsoft's own download service used to hide.The malware by security firm Websense 'f0xy' and is among other because of the use of the Microsoft Background Intelligent Transfer Service ( BITS ).

This service uses available bandwidth for downloading files. Many Windows services use this service, including Windows Update and Windows Defender. According to researchers used f0xy download service to avoid being noticed. Virus scanners would beat slower alarm when network requests BITS see coming than an unknown .exe file would be the case. The malware itself is developed to mine infected computers to digital currency.

Hashes:

f522e0893ec97438c6184e13adc48219f08b67d8

080c61c9172cd49f6e4e7ef27285ccaaf6d5f0ac

c25da337ec5ac041312b062e7fb697e4f01ca8d9

cd4e297928502dece4545acbe0b94dd1270f955c

adbf0e4d37e381fe7599695561262d1a65205317

54d2810aaae67da9fa24f4e11f4c2d5fe4d2b6d4

7de3ed8f751a528fde1688d35c6eb5533b09ae11

812e453c22e1a9f70b605cd27d3f642c3778d96d

55c9d015b1f8d68e6b5ce150f2dbab2b621dac1c

e80d7f27405ece2697a05d6c2612c63335851490

f4f1d8bceb62c72f2fe6713c5395555917fc40ad

2a4837fdb331f823ca474f521248b2cdb766528f

f522e0893ec97438c6184e13adc48219f08b67d8

Vulnerabiltiy: Google Reveals Adobe Reader Leak for Mac OS X


Google has unveiled a vulnerability in Adobe Reader in the Windows version of the PDF reader would be patched, but the Mac version is still present. The vulnerability was reported to Adobe in October last year.In December there was an update for the Windows version appeared, but Adobe had to Google that it had failed to deliver a solution for the Mac version.

This week, however, went the deadline had asked Google. "Project Zero Team" of the search giant is looking specifically for vulnerabilities in commonly used software. Once a leak is found will the supplier 90 days to come up with an update, other details are the vulnerability automatically made ​​public. Adobe was warned by Google that it would reveal the details.

Via the leak, it is possible to let the application crash, which is possible up to a "heap-based buffer overflow" can cause.Noteworthy is the way that Adobe to Google said to have patched the flaw in the Windows version. The leak in question, known as CVE-2014-9160, however, does not appear in the list of Adobe Reader update.

Apple Blocks Unsafe Flash Player On Mac OS X


To protect users from potential attacks, Apple insecure versions of Adobe Flash Player on Mac OS X blocked. Mac OS X has a "Web Plugin blocking mechanism" that Apple regularly will update to block unsafe plug-ins and prevent drive-by downloads.

This weekend Adobe patched a critical vulnerability in Flash Player that is actively used to attack Windows users. Who surfs on Mac OS X with Safari and not using the latest version of Flash Player and a site visit to see the plug-in calls notifies ranging from "Blocked plug-in", "Flash Security Alert" or "Flash out-of-date ". The message is that Adobe Flash Player is outdated and there is a newer version can be downloaded from Adobe.

Flash Player versions on Mac OS X Flash Player 16.0.0.296 and 13.0.0.264. All versions are blocked before. Users who still want to use an older version of Flash Player can do this via the "Internet Plug-in management" in Safari, and so the plug-in running on reliable websites in an insecure fashion. Further notes that Apple users who have problems downloading or installing Flash Player, this should contact Adobe.

Friday, 30 January 2015

Microsoft Startup Manager Autoruns Integrates With VirusTotal Google


There is a new version of the popular and convenient Autoruns tool from Microsoft appeared which now has a link to VirusTotal. VirusTotal is an online virus scanner from Google that allows files checked by fifty different virus scanners.

Autoruns was originally developed by Sysinternals that some time ago was acquired by Microsoft. The tool provides detailed information about files, programs and processes that start when loading Windows, as well as what happens if Windows applications such as Internet Explorer, Explorer, and media players are launched. Through the integration with VirusTotal can be displayed directly on the detected virus scanners find some processes and files.

Canadian Secret Service Would Monitor Millions Of Downloads


Canadian secret service would monitor millions of daily downloads of Internet users, such as videos, photos, music and other files, according to documents Edward Snowden. According to the documents, the Levitation program of the Canadian Communications Security Establishment (CSE) downloads in several European countries, the Middle East, North Africa and North America monitors.


Ron Deibert, director of the Citizen Lab at the University of Toronto, the program compares with a "giant X-ray machine on our digital lives." Any files that users download and upload to popular websites and are collected and analyzed, says Deibert. The download and upload details are kept in a total of 102 different file sharing sites. Only three sites are mentioned by name, ie Rapidshare, SendSpace and the now defunct Megaupload.

The data would be collected directly by tapping the internet cables. Then the IP address of each computer that files downloaded from the websites collected in question. Analysts of the CFE use the IP addresses then in other surveillance databases where they have access to. In this way can be determined on the basis of the collected IP addresses which sites these people even more visits and in some cases what their Google or Facebook accounts.

The documents show that the CSE kept a list of 2,200 special downloads that was suspicious or interesting. Internet users who have downloaded these files could possibly get extra attention from the secret service, says The Intercept that the news about the spying program with CBC News brought out. The documents do not specify whether the Levitation program has ever helped prevent a terrorist attack.

Thursday, 29 January 2015

Experts: Linux system Reboot After Installation GHOST Patch


Tuesday released a patch for a critical vulnerability in Linux, but after installing the system must be restarted, as experts warn. Through the GHOST vulnerability an attacker can take over vulnerable systems in certain cases. Still, the leak can not be compared with other major vulnerabilities as Heartbleed and Shellshock.

Most systems are not vulnerable because, says security expert Robert Graham . Modern software would use a different function and even software that uses the function which the leak can be invoked does so in a way that can not be abused."Even if software will use the vulnerable function is not to say that it is also vulnerable," the expert notes. Also, most systems would not be attacked by the leak and many of the exploits used only locally. Graham says that users also do not have to panic.

He gets applause Jen Ellis security company Rapid7. "Unlike a leak as Heartbleed is not always exploit the problem. The general consensus is that the bug is not easy to abuse," Ellis says. Until now, there would be only one known case that is easy to abuse. Both experts suggest that users of their systems after installing the patch have to reboot. Without a reboot services that will use the vulnerable library not be restarted.

Google Chrome Extension TrackerSSL Warns Of Unsafe Websites

TrackerSSL Functionality

Researchers from the Citizen Lab at the University of Toronto have an extension for Google Chrome developed that warns users of unsafe websites and ad trackers. TrackerSSL let users know who the website visited transmit it, whether this is done safely and then allows the process Website to disclose via Twitter.

According to the developers must TrackerSSL tackle the problem of unencrypted data transport, leaving users vulnerable to mass surveillance. The revelations Snowden is a movement that wants to encrypt the entire web. Through TrackerSSL get users to understand what the obstacles are hereby. Thus, the percentage of every website ad trackers shown that supports HTTPS, and the name of the tracking companies and a list of trackers that use unique identifiers to track users.

TrackerSSL Working
"Although ad trackers are mainly used for personalized advertising, it is known that the NSA with the identifying cookies from ad trackers piggybacked to gather detailed profiles of their targets," the researchers said. The use of HTTPS can counteract this. Many ad trackers, however, would still not support HTTPS. Websites can therefore not switch completely HTTPS, so the problem persists. By sharing the results via Twitter the developers hope a discussion on the use of HTTPS to boost.

Infected Ads on xHamster Spread Malware


Researchers have discovered the popular porn site xHamster infected ads that try to infect visitors through a recently patched flaw in Flash Player. According to anti-virus company Malwarebytes is the number of infections from xHamster recent days has increased by 1500%.

The porn is according to measurement agency Alexa on the 64th spot of most visited websites on the internet. In case the attack is successful the Bedep malware is installed. Bedep making computers part of a botnet and can then install additional malware. Meanwhile, there is an update to the attacked Flash Player leak released, but may still not be installed anywhere.

"Although malvertising on xHamster is nothing new, this particular campaign is very active. Given that this porn site generates a lot of traffic, the number of infections are gigantic," says Malwarebytes. Previously had security FireEye already know that had infected ads on porn sites found , including a porn site in the Alexa Top 1000. However, it seems to go a different attack. As was pointed infected computers installed Reveton-ransomware.

Wednesday, 28 January 2015

Visitors Porn Sites Attacked By Flash Player Leak


Visitors from different porn sites, including one that is on the Internet in the Top 1000 most visited sites are attacked by a leak in Adobe Flash Player which published an update until recent days. The attack took place through ads displayed on porn sites.

That says security firm FireEye. Once the ads were shown malware could be installed on the system in a vulnerable browser.To which websites are just the IT security officer does not know. However, the advertisements used a variant of the attack which was observed in the first instance. That first attack was carried out by the Angler Exploitkit while the new attack does not use this exploitkit.

The original Angler attack used some JavaScript and try to detect the presence of virtual machines and scanners, while the new variant no obfuscation used or analyzes the environment. The exploit for Flash Player in this case is loaded via normal JavaScript. The attack is successful then a variant of the Reveton ransomware-installed. Reveton locks the computer and that the user has committed a crime. In order to prevent criminal prosecution and to regain access to the system must be an amount of money to be paid.

Meanwhile, there is for all users released an update that fixes the leak. Through this page can be checked which version of Flash Player installed on your computer. The Finnish F-Secure let know that the Angler Exploitkit last week was the most popular exploitkit among cybercriminals. The virus fighter advises Internet users in addition to installing the update also to set click-to-play. In this case, the user must first click on a Flash object before it is loaded. In this way it can automatically be prevented infecting the computer via browser plug-ins.

Linux Systems Vulnerable To Criticism GHOST Leak



There is a critical vulnerability in Linux discovered which virtually all systems since 2000 at risk. Through the leak can take over a remote attacker without valid credentials vulnerable computers. The vulnerability is since November 2000 in the GNU C library.

The GNU C Library, also known as glibc, is an implementation of the standard C library and an important part of Linux.Without this library would be a Linux system does not work. The leak has researchers named GHOST received because it through the gethostbyname function is to call. An attacker could then execute arbitrary code on the system.



On May 21, 2013 between the releases of glibc 2.17 and glibc 2:18 there appeared a solution to the leak. However, the fix was not classified as a security advisory, making the most stable distributions with long-term support remained exposed, according to security firm Qualys discovered that the vulnerability. This is Debian 7 (wheezy), Red Hat Enterprise Linux 6 and 7 and Ubuntu 12.04.

"GHOST is a remote code execution risk, which makes it very easy for an attacker to compromise a machine. Example, an attacker can send a simple e-mail from a Linux system and automatically get full access to that machine," says Wolfgang Kandek, CTO at Qualys. Administrators and users are advised to install the updates now available from their supplier.

Kaspersky: NSA Involved Regin Malware


The US National Security Agency is involved or responsible for the advanced Regin-malware , according to the Russian anti-virus firm Kaspersky Lab. The virus fighter relies on an analysis of the virus code and files that were leaked by whistleblower Edward Snowden.

The German newspaper Der Spiegel published the documents ( pdf ) and files on 17 January this year. Under the leaked files also contained a keylogger codenamed QWERTY that would be developed by the NSA. Researchers analyzed this keylogger and discovered that the code is identical to a plug-in of the Regin malware. The researchers noted that the QWERTY keylogger can not be used as a separate module, but is dependent on functionality that is provided by a Regin module.

"Given the extreme complexity of the Regin platform and the small chance that it can be imitated by someone who has no access to the source code, we conclude that the developers of the QWERTY malware and Regin developers are the same or collaborate" says research director Costin Raiu. Previously suggested the Dutch security firm Fox-IT that the malware was created by the NSA or British secret service GCHQ.

Regin, according to Symantec's already in use since 2008, while Kaspersky Lab even a compilation date of 1999 saw over.Include Belgacom and an employee of the German Chancellor Angela Merkel would be attacked by the malware. The espionage malware used a variety of techniques to avoid detection. So it is still unknown how Regin infects computers."Regin stands alone. It is certainly more complex than Stuxnet and Flame when it comes to the design of the platform, functionality and flexibility," Raiu had previously know.

QWERTY 20123.sys:
0ed11a73694999bc45d18b4189f41ac2 (Virustotal Link)

Regin 50251 plugins:
c0de81512a08bdf2ec18cb93b43bdc2d
e9a43ea2882ac63b7bc036d954c79aa1

Tuesday, 27 January 2015

Apple: "Thunderbolt Attack In OS X Patch"


Apple will soon release an update for Mac OS X Yosemite discovered next three vulnerabilities revealed by Google and also the last year demonstrated Thunderbolt attack will remedy. Let sources with access to the beta version of Mac OS X 10.10.2 opposite iMore know.

In late December showed researcher Trammell Hudson during the CCC hacker conference in Hamburg how he bootkit can install on an Apple Macbook that reinstalling the operating system and replace the hard drive can survive through the Thunderbolt port. Once the bootkit is running that can spread virally by infecting other Thunderbolt devices.

To install the bootkit is need physical access to the computer. To adjust Mac computers to protect against the attack Apple had not only the code that prevents the boot ROM is replaced, but that a rollback to a previous state which prevented the attack still works.

Further, Mac OS X, 10.10.2 Yosemite also three vulnerabilities remedy that Google recently revealed in the OS.Researchers from the search giant had vulnerabilities discovered last year and reported to Apple. Since they are not within the Apple patched the details were automatically made ​​public time limits provided by Google. Something happened earlier vulnerabilities in Microsoft.

Cyber ​​Vandals Caim Downtime Facebook And Instagram


A group of cyber vandals has claimed responsibility for the downtime that Facebook, Instagram and Tinder had this morning to make. The websites were inaccessible short time in which Facebook users an hour could not log on to the social networking site.

The website stated that the Facebook deal with a major failure was the cause and had found, but further details were not given. Via Twitter late group Lizard Squad managed to sit behind the downtime. This group was the end of December also responsible for attacks on Microsoft Xbox Live and Playstation Network. The DDoS attacks that would execute the group of websites hacked thousands of routers originate. Recently, several members of the group arrested .

Facebook said in a statement that a technical adjustment to the website was the culprit. "The downtime was caused by a technical problem that we introduced ourselves. It has nothing to do with Lizard Squad Snowmageddon or other external parties," said the social networking site.

First Malware For Flying Drones Developed


Next month, researchers will demonstrate the first malware that is designed specifically for flying drones.Maldrone, as the malware is called, gives the creator full control of the unmanned aircraft and can be used for surveillance. It can also infect other infectious drone drones.

The idea behind the malware is that commands from the original owner to transmit false gates, while the attacker can directly communicate with the serial ports. For this purpose Maldrone use a proxy serial port that intent. For the study, the researchers used a Parrot AR Drone 2.0 and DJI Phantom. The malware was created specifically for the Linux-based AR Drone operating system.


The researchers will present their research on February 7 during Nullcon India demonstrate. Rather they made ​​demonstration video below. Last year showed the well-known hacker Samy Kamkar see how to hardware for less than $ 400 through its Skyjack attack drones from the air hijacking.


Research: Weak Encryption In Popular Android Apps


Many of the popular free Android apps in the Google Play store use weak encryption to protect sensitive information. Which claims that the US security firm FireEye 9339 apps with more than 1 million downloads analyzed . Of these, 8261 were found to use a cryptographic functionality of the Android platform. 8261 of these apps again proved 5147 apps (62%) contain one or more cryptographic vulnerabilities.

It involves, for example using static keys for encryption. These keys can be removed from the app and then to decrypt the data. This was 21% of the apps the case. Furthermore, 58% had to use a weak encryption algorithm that the apps are vulnerable to certain attacks. For a handful of apps was also developed an attack. One of these apps accepted all dished SSL certificates, allowing attackers to perform a man-in-the-middle attack.

According to the researchers cryptographic vulnerabilities are a serious threat because they enhance the effectiveness of other attacks. Through the misuse of SSL could intercept an attacker instance sensitive information. "This problem is compounded by root exploits in which an attacker rooting a device can determine which apps are installed to send random data for offline decryption" concludes researcher Adrian Mettler.

Group Threatens Malaysia Airlines With publication Data Stolen


A group of cyber vandals Malaysia Airlines has threatened to publish information that would be captured on the website of the airline. The website was launched today, reports the Malaysian Star Online . A group calling itself the "Cyber ​​Caliphate" calls had a photo of a Malaysia Airlines Airbus A380 on the website loaded with the words "404 - Plane Not Found".

Not much later, the site was again the target of an attack, this time by a group calling itself "Lizard Squad - Official Cyber ​​Caliphate" calls. On Facebook Malaysia Airlines announces that the DNS (Domain Name System) has been compromised so visitors were redirected to a website of the attackers. The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. Meanwhile, the DNS changes would be undone.

"Malaysia Airlines reassures customers that is not hacked the website and this temporary error has no effect on their bookings and their data is safe," said a statement from the airline. The group that calls itself Lizard Squad, however, claims that Malaysia Airlines lying and there are good data stolen, which will soon publish the group claims.

Monday, 26 January 2015

Emergency Patch For Adobe Flash Player Attacked Leak


Adobe has this weekend an emergency patch released for a critical vulnerability in Flash Player that asset is used by cybercriminals to infect computers with malware. Because of the vulnerability had Internet Storm Center decided to alert the Internet to color code yellow to increase.

The emergency patch this weekend only rolled out to users who have enabled the automatic update feature, which is the default for Flash Player. For users who want to download the update itself will update appear this week at the Adobe website.Additionally, Adobe has announced that with distribution partners cooperate to the update for Google Chrome and Internet Explorer 10 and 11 make it available. These browsers include an embedded version of Flash Player.

Adobe confirms that the leak is used to attack users of Internet Explorer and Firefox on Windows versions up to Windows 8.1.Initially, it was stated that users until Windows 8 walked risk. The critical vulnerability has been fixed in Adobe Flash Player 16.0.0.296 . Through this page can be viewed which version is installed on the system.

Google Reveals Unpatched Vulnerabilities In Mac OS X


After several have leaks in Windows unveiled at a time that no security updates, Google has the same now done with Mac OS X. In total there are three vulnerabilities, allowing an attacker commands as a "system daemon" execute through ' kernel code execution 'root privileges can get or through a Bluetooth device memory corruption can cause.

One of the vulnerabilities has been tested on Mac OS X 10.9.5, while another only at Yosemite is confirmed. Leaks are detected by the "Project Zero Team" of Google, which is looking specifically for vulnerabilities in commonly used software.Once a leak is found will the supplier 90 days to come up with an update, otherwise the details of the vulnerability are automatically made ​​public. Much to the dissatisfaction of Microsoft, which Google called to work better together. Apple has not yet responded to the leak revealed.

Flash Users Attacked By Infected Ads


The zero-day vulnerability in Adobe Flash Player that this week was discovered and which is expected next week an emergency patch will be deployed against Internet via infected ads. Visiting a website that shows the infected ads with Internet Explorer or Firefox on any Windows version is basically enough to get infected with malware.

It does not matter whether a 32- or 64-bit Windows version used, as reported security firm Zscaler. The malicious ads would be distributed through ad networks and Adcash Oneclickads. As previously noted already infected computers part of a botnet, that the machine for advertising and click fraud efforts. "This is the first zero-day exploit for Adobe Flash Player this year and it's no surprise that it is spread via infected ads," said John Mancuso of Zscaler. Pending to update users get the advice to temporarily disable Flash Player.

Sunday, 25 January 2015

Chinese Government Blocks VPN Services



The Chinese government has all kinds of VPN services blocked in the country, giving consumers no websites like Facebook and Google can visit more and particularly small foreign companies in China can not connect to their servers and enterprise networks can make abroad.

Via a Virtual Private Network (VPN), it is possible to make a computer is part of a network that is located at a different location. The traffic then runs through a specially constructed tunnel. China VPNs are used inter alia to circumvent government censorship. Using a VPN service make Chinese Internet connect on servers in Europe, from where they can then visit various Web sites that are not accessible in China. Because the traffic through the secure VPN tunnel running the Chinese authorities can not view the contents.

VPN provider Golden Frog announced that users of the VyprVPN service problems have to approach certain VPN servers abroad. The problem is as Golden Frog also with other VPN providers. "From a technical standpoint, it is not caused by server problems, but it's a network problem in China." For the time being of the company in the Netherlands and Hong Kong VPN servers would still be accessible for Chinese users.

According to Richard Robinson, a foreign entrepreneur in China, it is especially small and medium-sized foreign companies that makes the VPN blockade. Many larger companies have in fact direct connections to servers outside the country, so let him across the Associated Press know. In recent weeks, the Chinese government also decided to block all access to Gmail.Similarly, a measure which affects small businesses according to Robinson, as they often use the mail service from Google.

US State Block Zip Files After Malware Attack


The US state of Arkansas decided this week all zip files via e-mail were sent out to block after several state computers were infected with malware. According to a spokeswoman would amount to a fraction of the more than 15,000 state computers.

"There are fewer than 50 machines were infected," said Janet Wilson against the Democrat Gazette . "We have multiple layers of protection. Some filtering malicious traffic and there are other measures. These filters have noticed the malware attack. We conducted a test on the computers in the network, and that 50 were quickly found and removed from the network and replaced . "

"The Department of Information Systems" that is responsible for the automation late in a statement on Facebook know that the only way to prevent the spread of infected files on the network is blocking was zip files. "We apologize for the inconvenience and will deliver these files as it is safe."

Saturday, 24 January 2015

British Teenager Commits Suicide Because Of Ransomware


A 17-year-old British teenager committed suicide last year after his laptop was infected with ransomware.The malware showed a message that was supposedly from the British police and stated that the boy, who suffered from autism, banned websites and images had been viewed. The message went on to say that he had to pay 100 pounds to be prosecuted and regain access to his laptop.

"Joseph was the victim of an Internet scam", as his mother said in a statement. "He has probably taken literally because of his autism and did not want Georgia or I would be worried." The coroner made during a hearing about the incident that the boy's autism may have ensured that he took seriously the ransomware message.

"The Internet is a wonderful thing, but it can also be dangerous and I want parents to make sure their children know that this kind of scams out there, and especially in autistic children because they do not understand," said the mother , reports the Daily Telegraph . Last year was also a Romanian man have committed suicide because of ransomware. Recently, for the deceased boy a special Facebook page opened.

7-Year-Old Girl Performs Wifi Attack Within 11 Minutes


A 7-year-old British girl has given a demonstration of how easy it is to run a wifi attack with minimal knowledge. The demonstration was part of an awareness campaign of a VPN provider, who wants to make consumers aware of the risks of open Wi-Fi networks.


Betsy Davies, who had her parents' permission, the demonstration began with the search of instructional videos on YouTube.Then she put a "rogue access point" at which users of the Wi-Fi network without they made ​​it knew the connection. In this way, Davies could intercept the traffic of users. Eventually, they had a 10-minute and 54 seconds in order to carry out the attack. A security expert oversaw the demonstration, reports the Daily Mail .

Friday, 23 January 2015

Latest Flash Attack Is Part Of Botnet Computers


A new vulnerability in Adobe Flash Player cybercriminals actively use to infect computers with malware and for which no security update is available is the ultimate goal of creating a botnet that among other things used for committing click fraud.

The zero-day vulnerability in Flash Player was wednesday afternoon reported by security researcher 'JuK. Visiting a malicious or hacked website with the latest version of Flash Player would be enough to get infected. The researcher also advised to temporarily disable Flash Player. Adobe will facing the business magazine Forbes that examines the message, but still has not announced any details.


Meanwhile, security Malwarebytes malware examined using the new Flash Player attack is installed on computers. In case the attack is successful, the computer part of the Bedep botnet. This botnet can then, by installing additional malware, use the computer for different purposes. In the case of the malware that saw the researchers concerned the click fraud.

The malware infects the explorer.exe process and let the infected computers to send any requests for ad networks, without the user does this by. According to researcher Jerome Segura are difficult to distinguish them from real traffic requests, allowing advertisers end up paying for impressions and clicks that do not originate from a human and which benefit cybercriminals.

Sony Hacker Would Have Used Zero-Day Vulnerability


The hackers who break into knew Sony would have used a zero-day vulnerability, so let sources familiar with the investigation to Re / code know. The attackers were two months have had access to the network, where they were captured terabytes of data and then sabotaged thousands of computers. For whatever leak exactly is and what program was not disclosed.

However, it would go to a well-made, but not refined operates, said the sources. The New York Times reported recently that there were spear phishing attacks against Sony used. This involves contain customized emails that malicious links or attachments. In the past, spear phishing often used to perform zero-day attacks. The use of a zero-day vulnerability could also allow the note explaining security expert Kevin Mandia, head of the security company that carries out research into the hack. He suggested that both Sony and other companies do not have to prepare for the attack.

Tubrosa Trojan: "Botnet Infected Computers Makes YouTube Videos"


Cybercriminals use infected computers to watch videos on YouTube, where they ultimately paid for by Google hope to be. Furthermore it is on computers even Adobe Flash Player installed to allow this form of advertising fraud. YouTube pays video creators through a special affiliate program, whereby ads are displayed in the videos. The more people view the videos, the greater the reward. A Swedish gamer with the alias "Pewdiepie" It is estimated that each year 13 million earn his YouTube videos.

For years, botnets are used for advertising fraud, where cybercriminals have infected computers clicking on ads or only view out. According to anti-virus company Symantec have these cybercriminals now shifted their field to YouTube. A few weeks ago, researchers discovered the company's new click fraud malware that infected computers used to artificially inflate the number of times a YouTube video was viewed. Through the affiliate program, the cybercriminals can then redeem their activities.


The attack starts with an e-mail attachment or link that points to the malware. Once activated the malware download a file with thousands of YouTube videos that need to view the computer. Then the malware opens videos in the background to keep the activities hidden from the user. The malware will even update or install Adobe Flash Player to view the videos. The Tubrosa Trojan responsible for these activities would mainly in South Korea, India and Mexico are active. Google late in a statement that it knows of the malware and advertisers protects against the ad fraud.

Thursday, 22 January 2015

Kim Dotcom Launches Beta Encrypted Chat Service


Internet entrepreneur Kim Dotcom has launched a beta version of its encrypted chat service Mega Chat, so he made ​​via Twitter announced. "We roll Mega Chat step by step, starting with video calls. TextChat and videoconferencing will soon follow," says Dotcom.

Earlier, the Internet entrepreneur let all know that Mega Chat must put an end to the surveillance of the NSA and a competitor of Skype will be. To use Mega Chat, users must have a Mega account, but there is no need to install software. The chat service can be started directly from the browser what is seen as a great advantage.


IT website TechCrunch tried Mega Chat and reports that had to make several times with connection problems, but if the video chat service audio and video quality of work is similar to that of Skype. However, this is still a beta version.Furthermore, to speak about the file-sharing website feature that allows users to share files and folders. Mega Chat uses User Controlled Encryption (UCE), which means that users can send their decryption key to other people to give them access to the files. When the final version of Mega Chat will appear was not disclosed.

Windows 10 Free For Users Of Windows 7 And 8.1


Windows 10, Microsoft will make available free of charge for users of Windows 7, Windows 8.1 and Windows Phone 8.1, so the software giant has tonight during a special event let you know. The upgrade to the operating system a year after launch free download. According to Microsoft, this involves more than a "one-time upgrade." Once a machine has been upgraded to Windows 10, Microsoft will continue to support operating system on the machine free of charge for the lifetime of the device.

Windows 10 will release the software giant new features sooner rather that it will wait for a new version of Windows. "We consider it as a Windows Service," said Microsoft's Terry Myerson. Therefore it would soon no longer make use of the device Windows, which would be good news for developers. Companies and business users, however, will have a choice whether they want to receive these consumer-oriented updates or important business rather shielding systems so that only receive critical patches and security updates.

One of the new additions to Windows 10 is an entirely new browser called "Project Spartan". The browser is specially designed for Windows 10 and should provide better interoperability, reliability and traceability. This would include reading articles should be improved and the voice assistant Cortana will be integrated into the browser, so users can find and do things faster. According to Microsoft's Jim alkove Spartan will be safer than ever.

Microsoft also showed tonight that already 1.7 million people in the pilot program of Windows 10 to participate and the software giant has already received 800,000 comments on the operating system. In addition, Windows 7 users were advised to install Internet Explorer 11 already, so they simply can upgrade to Windows 10 as the operating system is available.

Facebook Will Warn Users Of Hoaxes


Facebook has introduced a measure to allow users henceforth be warned of hoaxes in their news.According to the social networking site users would have asked for his show fewer messages hoaxes.Facebook regularly false or misleading news spread, which may or may not point to scam sites.

Facebook Hoax Feature
Recently, Facebook has added an option allowing users to report these types of hoaxes. It works the same way as reporting spam and according to Facebook would hoaxes and misleading news reported 2.5 times more than other news. These reports from users are now used by Facebook to let other users know that the messages that they want to share is probably a hoax.

In this way, users would spread the messages slower, which should reduce the number of hoaxes. Facebook is certainly not going to attempt to remove posts and says that it is also about control messages to determine their accuracy. According to Facebook's most publishers on Facebook will therefore none of the update notice, except for a small group which regularly publishes hoaxes and scams.

Wednesday, 21 January 2015

Edward Snowden Does Not Use iPhone Because Of Spyware


Edward Snowden used because there is no iPhone spyware would sit in, so has the whistleblower of the lawyer to the Russian news agency RIA Novosti announced. "Edward never used an iPhone, he has a simple phone. The iPhone has special software that can run itself without the owner having to do anything, and may collect information about him. Because security is why he refuses this phone," said Anatoly Kucherena.

The lawyer further added that the decision to use or not iPhone is a personal choice, but Snowden looked at it from a security standpoint. Additionally Kucherena noted that the whistleblower is satisfied with his life in Russia. Snowden has lived since August 1, 2013 in Russia. It is not the first time he warns of the risk of mobile phones. Last year showed Snowden still know that the NSA switched phones can remotely switch on and listen.

Oracle Java SSL 3.0 Switches Off


To protect users from attack Java, Oracle SSL 3.0 disabled in the software. The measure is part of the security update that appeared Tuesday. "This Critical Patch Update disables the standard use of SSL 3.0. SSL 3.0 will be considered an obsolete protocol and this situation is exacerbated by the POODLE-leak. As a result, this protocol widely attacked by malicious hackers," says Eric Maurice Oracle.

The POODLE-vulnerability in SSL 3.0 ensures that an attacker who between a user and the Internet to know places, for example in an open Wi-Fi network, can steal information from encrypted connections, such as session cookies. Maurice gives organizations advised to discontinue use of all SSL versions, as it is no longer the safe communication between systems can be trusted.

Also Oracle customers have to change their code and switch to a more secure protocol such as TLS 1.2. Oracle employee further notes that Oracle in the future SSL in all Oracle software will turn off. Besides disabling SSL 3.0 update also fixes 19 vulnerabilities in Java, which in the worst case, an attacker can give full control over the system.

Malware Discovered In League Of Legends And Path Of Exile


Researchers have official versions of the popular games League of Legends and Path of Exile malware discovered. Gamers could become infected when they downloaded a legitimate installer or updates to the games with an Asian provider. Contaminated "game launcher" set three files on the system, namely an official game launcher, a "cleaner" that infected game launcher replaced by the official and the PlugX remote access Trojan.

This Trojan attackers full control over the computer. According to the Japanese anti-virus company Trend Micro users in certain Asian countries were the target of the attack. Research into the infection led to Garena, an Internet platform provider for consumers in Asia. Garena is working with game developers, Riot Games, S2 Games and Electronic Arts, which the company has the exclusive rights to certain games.

In a statement Garena argues that the servers were compromised, causing infectious installation files League of Legends and Path of Exile are scattered. Meanwhile, all infected files are removed. Most infections were observed in Taiwan, followed by Singapore and Thailand. Garena gives gamers advised to scan their computers with a virus, update the games, change passwords, and use two-factor authentication.

Hashes: 
f920e6b34fb25f54c5f9b9b3a85dca6575708631 (FO3Launcher.exe)
bd33a49347ef6b175fb9bdbf2b295763e79016d6 (NtUserEx.dll)
f3eabaf2d7c21994cd2d79ad8a6c0acf610bbf78 (NtUserEx.dat)

Tuesday, 20 January 2015

Researchers Steal Data From Jailbroken iPhone Via Siri


Researchers have developed a way which makes it possible to steal data from infected jailbroken iPhone via the Siri voice control. When users communicate with Siri is processed their voice to data and sent it to Apple, where the voice input is translated into text.




Researchers Luca Caviglione and Wojciech Mazurczy an attack developed Siri which is used to set up a secret channel between an infected machine and a botmaster so they can steal sensitive data like passwords, credit card numbers and Apple IDs. The malware on the device processes the data to an audio clip that is offered to Siri. Siri will then send the data to a remote server. An attacker who has access to network traffic can thus extract the encoded information.

In addition to the requirement that access to the network traffic, the iPhone must be jailbroken, so the researchers in their report to know. By using the "iStegSiri-attack" can be 0.5 bytes sent per second. Sending a credit card number with 16 digits in this way takes about 2 minutes. The researchers say opposite IEEE they especially want to see how their research steganography, hiding information in innocent looking objects such as images, text or sound clips can be used by attackers.

According To Researchers Avoid Chrome And Skype


Security researchers who work with sensitive information can better avoid Google Chrome and Skype, as recommended two researchers. According to Dani Creus and Vicente Diaz Kaspersky Lab happens that investigators are approached by criminal gangs and intelligence.

It also happens that researchers be bugged or that their devices while traveling is compromised. Operational security (OPSEC) is therefore essential, say Creus and Diaz. The main rule here is to remain silent. "If you do not have to say do not do anything. If you need to communicate with someone do it safely so you're not the contents of your message in danger and if possible also leave no metadata."

In the case of communication should be used such as email, instant messaging and phone the researchers several tips. So can only chat services that are trusted Off-the-Record (OTR) offering and Skype should never be used for discussing sensitive issues. Also, wherever possible, disposable phones are used. Furthermore, researchers are advised to use TrueCrypt to encrypt data.

To the Internet, according Creus and Diaz wise to use an 'air gap', which is created by an anonymous obtained 3G / 4G modem connection. Also have no cookies in the browser must be accepted and the execution of JavaScript can be prevented. Furthermore, users can not log on to an account and use Google Chrome is not recommended.

"OPSEC must be quickly part of the daily routine of security researchers," note the two researchers. "Given the kind of operation that is detected, and the parties concerned, the lack of knowledge and discipline in this area can have devastating consequences for researchers who do their work," concludes the pair. Earlier also gave a researcher called The Grugq sorts of tips for improving operational safety.

Monday, 19 January 2015

Chinese Cyber Spies Were Joint Strike Fighter (JSF) Secrets Booty


China would have used cyber espionage to steal all kinds of secret information on the Joint Strike Fighter (JSF). This is evident from documents leaked by whistleblower Edward Snowden. According to an NSA presentation where the German newspaper Der Spiegel and the Sydney Morning Herald reports about Chinese cyber spies would "teraybytes" to sensitive military information JSF have captured.


Among the stolen design details are information on the radar systems of the JSF and detailed designs of the motor and methods for cooling the exhaust gases. In 2013, an advisory board of the US government had proposed a confidential report that JSF secrets were stolen by the Chinese. Last year, an expert claimed that the details of the JSF in a Chinese fighter jet appeared.

Besides information on the JSF would also sensitive details about the B-2 stealth bomber and F-22 Raptor fighter jet were stolen, as well as a nuclear submarine and missile designs. The amount of data stolen is estimated at 50 terabytes. However, the documents also show that the NSA and intelligence services of the "Five Eyes" by Chinese intelligence services have broken and access to computers have obtained senior Chinese military officials.

Hacker's List: Hiring the right hacker!


You can not get past level 68 in Candy Crush, suspect your love of infidelity or would you adjust that one insufficiently your transcript? For a few hundred dollars you rule a hacker who can help.

Hacking is no longer reserved for large espionage services or organized crime.And not just big companies like Sony and Apple are the target. Behind all those familiar hacks grows a forest of home-garden and kitchen hacks.

On hackerslist.com you find all kinds of hacking requests:

- A player who wants help with a phone game .

- Someone who wants access to his old email account .

- Someone who all Whatsapp messages from another phone to receive .

- Someone who transcript will adjust at school.

The extent to which all these requests are real, it is difficult to ascertain. The site is now about three months. So far there are about 800 different jobs and have placed several dozen hackers made available through the site. The price for a hack ranges from several tens to about $ 5,000. 

FBI

The website is not the only place where hackers and clients to visit each other.This allows you to Neighborhoodhacker.com order ethical hackers who check on order or you hack anyway falls.

The sites are controversial, because most contracts are illegal. According to the authors state in the conditions that only legitimate hacks may be placed. Last year, the FBI took a number of these types of websites offline and took dozens of people who hacks offered on the Internet. The makers of hackerslist.com therefore remain anonymous.

Android Jelly Bean - "Expert Warns Of Default Android Browser"


An American security expert has nearly a billion users with Android Jelly Bean or an older version of the mobile operating system works warned to stop using the standard supplied browser and other browsers to switch.

The reason is that vulnerabilities in the WebView component of the AOSP (Android Open Source Project) -Browser not be patched by Google. Monday warned Todd Beardsley security company Rapid7 that no new updates come out more WebView. WebView is an important part of Android for displaying web pages. It is a separate browser window that developers can use their apps and allows to websites and pages within the screen layout of the application again.

In the latest versions of Android WebView is no longer used, but 60% of Android users is still a version where this is the case. It may therefore be years before WebView is gone everywhere and all the time users run risk, notes Beardsley. "If I were an attacker and had to choose an Android component to attack, it would be WebView. WebView is a component that is used in almost all ad-supported libraries, as well as when you are in any web app not rendering" Open link in browser "click."

The expert is therefore surprised that Google still deliver more updates for example, the audio player in older Android versions, but WebView a miss. Since Chrome, Firefox and other browsers no WebView This is an important security measure notes Beardsley. "If your default browser on AOSP Jelly Bean or earlier, then stop." The same advice applies to users who use the older browser their telecom provider. However, the vulnerable component also appears to affect all kinds of apps and ad networks, as suggested anti-virus company Trend Micro fixed earlier.

Sunday, 18 January 2015

WhatsSpam - "Spamming Market Rises In WhatsApp"


The amount of spam that is sent to WhatsApp users has increased in recent times, which would also come by the end-to-end encryption that uses mobile messaging, say experts. By using this form of encryption WhatsApp can not see the content of messages and filter on, like many other messaging services do.


Adaptive Mobile security firm says that in recent months there is an increase in the number of spam messages has been to WhatsApp users. Indeed, it is quite cheap to distribute spam via the message. It would in particular be advertisements for luxury fakes. "

WhatsApp Investment Spam

WhatsApp Spam

WhatsApp Indian Spam

The total size of these individual spam attacks WhatsApp is difficult to determine, but it is clear that WhatsApp now one of the messaging services with a fully functioning and active spam ecosystem," said Cathal McDaid Adaptive Mobile.

He argues that WhatsApp in fighting spam is hampered by the use of encryption. Although commendable to encrypt messages from users is the end result that it is difficult to filter the contents of WhatsApp messages. McDaid argues that it is not the end of the world, but problematic. Also Martijn Grooten Virus Bulletin notes that end-to-end encryption, spam filtering is difficult.

According Grooten WhatsApp may see if some users send large numbers of messages, but it is not possible for example to watch sent linkers. One solution would be to look for example at the phone to the content, but if, for example linkers a blacklist of a third party comparison would bring this user privacy again questioning.

Great is like McDaid positive about the deployment of end-to-end encryption and hopes that more will follow. "But as with all measures that improve security and / or privacy, it has a price tag. We have to be more creative in our fight against spam."