Cyber criminals jailed for four years for stealing £3 million from bank accounts

The ringleaders of a cyber-criminal gang that siphoned nearly £3 million from bank accounts were yesterday (Monday 31 October) jailed following an investigation by the Met's Police Central e-Crime Unit (PCeU).

Ukrainian nationals Yuriy Konovalenko, aka Pavel Klikov (29), and Yevhen Kulibaba (33) were jailed for four years and eight months at Croydon Crown Court after previously pleading guilty to conspiracy to defraud.

This result is the culmination of a complex and protracted investigation by detectives from the PCeU which has seen 13 people jailed for their part in a sophisticated international online fraud that attacked the heart of the UK banking industry.

The investigation, codenamed Operation Lath, focused on the activities of a group responsible for a systematic and highly sophisticated banking fraud that attacked the accounts of hundreds of online banking customers.

The fraud was carried out with banking Trojans that infected the personal computers of account holders. The malicious software captured confidential information such as usernames, passwords and account numbers; these details were then used to access the accounts without the owners' knowledge, and funds were transferred to a large number of receiving accounts controlled by the group.

Kulibaba was the principal of the group. Based in Ukraine, he was responsible for obtaining and allocating the accounts to be attacked, and for organising the UK-based conspirators who set up and operated the recipient accounts and removed funds from them.

Konovalenko was Kulibaba's right-hand man in the UK. He had a coordinating role, organising the establishment and operation of the recipient accounts and instructing those responsible for moving the money out of them.

During the investigation the PCeU worked closely with UK banks and with colleagues from the Crown Prosecution Service, the FBI and the US Department of Justice.

Report from met.police.uk 

hi5ads.com hacked and database exposed by 3xp1r3 cyber army

hi5ads.com has been hacked by a hacker team calling itself "3xp1r3 cyber army". They posted the database on Pastebin: data for about 8,000 users was leaked, including each user's email address and password.

If you are one of those users and used the same password for Gmail (or any other account), change that password immediately.

The majority of the leaked passwords are 123456, which suggests those users know little about basic security. If you also use a simple password like 123456, iloveyou or ilovemom, check our security blog to learn about internet risks and cyber security.
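A quick triage of a leaked credential dump, as an added example (not code from this post, and nothing to do with the group that leaked the data): which passwords dominate, what share of accounts use a blocklisted password, and whether a given address appears. The dump lines are constructed in the email:password layout such pastes usually use, and the short weak-password list is illustrative.

```python
"""Triage of a leaked credential dump: most common passwords, share of the
user base covered by a short weak-password list, and a lookup for one
address, without eyeballing the whole file."""
from collections import Counter

# Constructed sample in the common pastebin "email:password" layout.
# These are made-up records, not the hi5ads.com data.
SAMPLE_DUMP = """\
alice@example.com:123456
bob@example.org:iloveyou
carol@example.net:123456
dave@example.com:Tr0ub4dor&3
ERIN@Example.com:ilovemom
frank@example.org:123456
# junk line that should be skipped
mallory@example.net
grace@example.com:123456
heidi@example.org:correct horse battery staple
"""

# Illustrative blocklist; the first three are the ones the post mentions.
WEAK_PASSWORDS = {"123456", "iloveyou", "ilovemom", "password", "qwerty", "12345678"}


def parse_dump(text):
    """Return (email, password) pairs; skip comments and lines without ':'."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        email, password = line.split(":", 1)  # passwords may themselves contain ':'
        records.append((email.strip().lower(), password))
    return records


def password_stats(records, top_n=3):
    """(most common passwords, fraction of accounts using a blocklisted one)."""
    counts = Counter(pw for _, pw in records)
    weak = sum(1 for _, pw in records if pw in WEAK_PASSWORDS)
    return counts.most_common(top_n), weak / len(records)


def exposed_password(records, email):
    """The leaked password for this address, or None. Emails compare case-insensitively."""
    wanted = email.strip().lower()
    for addr, pw in records:
        if addr == wanted:
            return pw
    return None


if __name__ == "__main__":
    recs = parse_dump(SAMPLE_DUMP)
    print(password_stats(recs))
    print(exposed_password(recs, "Erin@example.com"))
```

On a real paste the same three functions apply unchanged; the only thing to watch is the separator, which some dumps swap for a tab or a pipe.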



"Nitro attacks" Malware(RAT) Steals Secrets from Chemical and Defense firms


According to a recent Symantec report, the "Nitro attacks" targeted the chemical and defense industries, infecting 48 firms with a remote administration tool (RAT) to steal confidential data. Symantec investigated the attacks and published its findings under the name "Nitro Attacks". The report says the attack started in July 2011 and continued into September 2011.

The attackers changed targets over time. At first (from April to May 2011) they went after human-rights NGOs; in May they moved on to the motor industry. There were no attacks in June.


According to the report, "29 chemical companies and another 19 other companies (most of them in the defense sector) were infected. In a recent two-week period, 101 unique IP addresses contacted a command and control server with traffic consistent with an infected machine. These IPs represented 52 different unique Internet Service Providers or organizations in 20 countries."

The malware attack (remote administration tool):
The attackers sent a fake email carrying an attachment built with Poison Ivy, a remote administration tool (RAT) and backdoor developed by a Chinese hacker. Once the victim opens the attachment, the system is infected and the Poison Ivy server component (the malware) is installed. After infection it contacts a C&C server on TCP port 80 using an encrypted communication protocol. Through the C&C server the attackers then instruct the compromised computer to report its IP address, the names of all other computers in the workgroup or domain, and dumps of Windows cached password hashes.
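The detail a defender can act on here is "encrypted protocol on TCP port 80": a web port with a first client message that is not an HTTP request. Below is an added example, not Symantec's tooling, that flags such flows and groups them by destination so that many internal hosts talking to one external host stand out, the shape of the 101 IP addresses contacting one C&C server. The flow records are constructed; the exact-256-byte check is an assumption taken from later public analyses of the Poison Ivy handshake, not from the report.

```python
"""Flag TCP/80 flows whose first client payload is not HTTP.

Added example, not Symantec's tooling. Input is a constructed list of
(src_ip, dst_ip, dst_port, first_client_payload) tuples, the kind of record a
flow sensor with payload capture would give you."""
import math
import re
from collections import defaultdict

HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|CONNECT|TRACE|PATCH) \S+ HTTP/1\.[01]\r\n"
)


def shannon_entropy(data):
    """Bits per byte; 8.0 means every byte value appears equally often."""
    if not data:
        return 0.0
    n = len(data)
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def classify_first_payload(dst_port, payload):
    """Indicators for one flow's opening client message; [] means nothing odd."""
    if dst_port != 80 or HTTP_REQUEST_LINE.match(payload):
        return []
    indicators = []
    if payload[:2] == b"\x16\x03":      # TLS handshake record: odd on 80, but not C2 by itself
        indicators.append("tls-on-80")
    else:
        indicators.append("non-http-on-80")
    if shannon_entropy(payload) > 7.0:   # ciphertext-like opener
        indicators.append("high-entropy")
    # Assumption: later public analyses of Poison Ivy describe the implant opening
    # its session with a 256-byte challenge. The page only says "encrypted protocol
    # on TCP port 80", so treat an exact 256-byte opener as corroboration, not proof.
    if len(payload) == 256:
        indicators.append("256-byte-opener")
    return indicators


def suspicious_destinations(flows):
    """Map each destination receiving non-HTTP port-80 traffic to its sorted sources."""
    seen = defaultdict(set)
    for src, dst, port, payload in flows:
        if "non-http-on-80" in classify_first_payload(port, payload):
            seen[dst].add(src)
    return {dst: sorted(srcs) for dst, srcs in seen.items()}


# Constructed flows using documentation-range addresses. bytes(range(256)) stands
# in for a ciphertext opener: every byte value once, so entropy is exactly 8.0.
SAMPLE_FLOWS = [
    ("10.0.0.5", "203.0.113.9", 80, bytes(range(256))),
    ("10.0.0.6", "203.0.113.9", 80, bytes(reversed(range(256)))),
    ("10.0.0.7", "198.51.100.2", 80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.5", "198.51.100.2", 80, b"\x16\x03\x01\x00\x05hello"),
    ("10.0.0.8", "198.51.100.3", 443, b"\x16\x03\x01\x00\x05hello"),
]

if __name__ == "__main__":
    for src, dst, port, payload in SAMPLE_FLOWS:
        print(src, dst, port, classify_first_payload(port, payload))
    print(suspicious_destinations(SAMPLE_FLOWS))
```

The entropy threshold is deliberately loose; a plaintext non-HTTP protocol on port 80 (a misconfigured proxy, say) still gets "non-http-on-80" and is worth a look, but only the high-entropy, many-sources case resembles the C&C traffic the report describes.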

Infected machines:

The infected systems were located in 20 different countries; the majority were in the USA, Bangladesh and the UK.

Attacker:
The attacks were traced back to a virtual private server (VPS) located in the United States. However, the system was owned by a 20-something male located in the Hebei region of China. Symantec internally gave him the pseudonym "Covert Grove", based on a literal translation of his name.

"We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties." the official report says.

19 sites hacked and defaced by KALIMNDOR TEAM

A new hacker team calling itself "KALIMNDOR TEAM" hacked and defaced 19 websites.

Hacked sites:
http://www.accesoriosyacabados.com/index.php
http://nizamonserratefc.com/images/smilies/
http://www.medicinaintegralips.com/
http://maosof.com/DESCARGAS/
http://luisalbertomonsalvo.com/modules/
http://jurisasociados.com.co/Chat/index.html
http://innovaviajes.com/imagenes/
http://gransegura.com/inmobiliaria/index.html
http://eventokeystone.com/
http://equiparmuebles.com/sitio/
http://elkinbuenoalcalde.com/ciudad_futuro/music/
http://artecnologico.com/webassist/
http://oleajesdelasierra.com/
http://paisajismoyzonasverdes.com/cache/
http://www.bunker440.com/
http://semi.prot.us/fileupload/
http://mdsecurity.com.co/configuration.php
http://tucuerpoperfecto.com/uploads/images/

Mexican Anonymous group threatens Mexican drug cartel

The Mexican Anonymous hackers have threatened the Mexican cartel Los Zetas. They demand the release of one of their members, kidnapped from a street protest, before November 5; otherwise they will expose the identities and addresses of the syndicate's associates, from corrupt cops to taxi drivers, and reveal the syndicate's businesses.

"You made a huge mistake by taking one of us. Release him," a masked man said in a video uploaded to YouTube on behalf of the Anonymous group. According to the video, the cartel kidnapped the unnamed hacker during a street protest in the Mexican state of Veracruz.

"The Zetas are one of the most notorious of several rival gangs of drug traffickers that have plagued Mexico over recent years. Over recent months, turf wars and escalating attacks have increased the death toll." (The Register)


YouTube video (Spanish):

Transcript of the Anonymous video:
--------------------------------------
"Anonymous from Veracruz, Mexico, and the world, we want you to know that a member has been kidnapped when he was doing Paperstorm in our city.

We demand his release. We want the army and the navy to know that we are fed up with the criminal group Zetas, who have concentrated on kidnapping, stealing and blackmailing in different ways. One of them is charging every honest and hardworking citizen of Veracruz who busts their rear working day after day to feed their family.

We are fed up with the journalists and newspapers of Xalapa, Córdoba and Orizaba because they are constantly crapping on honest authorities like the army and the navy.

We are fed up with the taxi drivers, commanders and "police-zetas" officers of Xalapa, Córdoba, Orizaba, Nogales, Río Blanco and Camerinos... who are chickens and have made themselves the most loyal servants of these (expletive).
For the time being, we won't post photos or the names ... of the taxi drivers, the journalists or the newspapers, nor of the police officers, but if needed we will publish them, including their addresses, to see if by doing so the government will arrest them.

We can't defend ourselves with a weapon, but if we can do this with their cars, houses, bars, brothels and everything else in their possession ... it won't be difficult. We all know who they are and where they are.

(Images with sound of explosions)

You made a huge mistake by taking one of us. Release him. And if anything happens to him, you (expletive) will always remember this upcoming November 5th.
Knowledge is free. We are Anonymous. We are a legion. We don't forgive. We don't forget. Expect us."
--------------------------------

If Anonymous follows through on its threat to expose details of the Zetas' operations, it could well lead to more deaths. Analysts warned the Houston Chronicle that outing cartel members would leave bloggers and others more vulnerable to reprisal attacks by the cartel.

200+ Chinese websites hacked by Team Grey Hat

A hacker team calling itself "Team Grey Hat" hacked and defaced more than 200 Chinese sites, uploading its defacement page (tgh.html) to each server.

A few of the hacked sites:
http://www.rtrujillo.org/tgh.html
http://www.globedu.eu/tgh.html
http://www.789120.com/tgh.html
http://www.pfb114.com/
http://www.china-quality.cn/tgh.html
http://www.china-quality.net/tgh.html
http://www.china-sports.com.cn/tgh.html
http://www.hbzjy.cn/tgh.html
http://www.sohoally.com/tgh.html
http://x068.com/tgh.html
http://12407.z6.cn/tgh.html
http://16342.z6.cn/tgh.html
http://17679.z6.cn/tgh.html

The full list of sites is here:
http://pastebin.com/K43gefEN

Latest Facebook security flaw allows EXE file attachments

Facebook lets users attach files to messages, but its security checks are not supposed to allow executable (.exe) files. Nathan Power, a security researcher at securitypentest, discovered a vulnerability in the file-upload feature that allows .exe files to be uploaded. Sending someone a message does not require being their friend.

Vulnerability description:
Facebook displays an error message whenever a user tries to upload an executable. When a file is uploaded, the browser sends a multipart POST request to the server; the researcher examined its parameters:
Content-Disposition: form-data; name="attachment"; filename="cmd.exe"
The filename parameter carries the file name, and the server uses it to decide whether the file type is allowed: if the name ends in .exe the upload is rejected. The researcher appended a space to the end of the filename to bypass the check, and it worked.


Post Request Contents

He reported the vulnerability to Facebook, which has now fixed it.
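The bypass comes down to a string comparison on an unnormalised client-supplied name. Below is an added example, not Facebook's code, showing a denylist check that fails exactly the way the post describes beside a hardened check that normalises the name first and then allowlists; the only details taken from the post are the Content-Disposition header and the trailing-space trick, and the extension lists are illustrative.

```python
"""Attachment filename checks: the trailing-space bypass beside a hardened check.

Added example, not Facebook's code. Extension lists are illustrative."""
import os
import re

BLOCKED_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".com", ".pif",
                      ".msi", ".js", ".vbs", ".ps1"}
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".zip"}

FILENAME_PARAM = re.compile(r'filename="([^"]*)"')


def filename_from_content_disposition(header):
    """Return the filename parameter exactly as the client sent it, or None."""
    m = FILENAME_PARAM.search(header)
    return m.group(1) if m else None


def vulnerable_is_allowed(filename):
    """Denylist on the raw name. "cmd.exe " splits into extension ".exe ", which is
    not ".exe", so a trailing space slips through; the file is still cmd.exe on disk."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in BLOCKED_EXTENSIONS


def hardened_is_allowed(filename):
    """Normalise the name the way a receiving file system would, then allowlist."""
    name = filename.split("\x00", 1)[0]                # NUL-byte truncation tricks
    name = os.path.basename(name.replace("\\", "/"))   # drop any path component
    name = name.strip().rstrip(". ")                   # Windows ignores trailing dots and spaces
    if not name or name.startswith("."):
        return False
    parts = name.lower().split(".")
    # Reject a blocked extension anywhere in the name ("payload.exe.txt"), then
    # require the final extension to be explicitly allowed.
    if any("." + p in BLOCKED_EXTENSIONS for p in parts[1:]):
        return False
    return "." + parts[-1] in ALLOWED_EXTENSIONS


if __name__ == "__main__":
    header = 'Content-Disposition: form-data; name="attachment"; filename="cmd.exe "'
    name = filename_from_content_disposition(header)
    print(repr(name), vulnerable_is_allowed(name), hardened_is_allowed(name))
```

Even the hardened name check only decides what the file is called; a server that must accept uploads should also sniff the content (an MZ header in a ".jpg" is still an executable) and store files under a server-generated name.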

Avira antivirus detects itself as malware | false virus definition file

Avira antivirus labelled one of its own files as spyware: it detected AESCRIPT.DLL (an Avira library) as "TR/Spy.463227". A recent virus definition file (VDF version 7.11.16.146) mistakenly matched AESCRIPT.DLL as spyware, so Avira flagged itself.

Once Avira learned of the issue it released an updated virus definition file and asked users to update their antivirus. Avira posted about the issue in its official forum.


Japanese parliament's computers infected by virus in a cyber attack

Computers in the Japanese parliament were infected by a virus that gave hackers access to confidential data belonging to 480 lawmakers and their staff for over a month.

According to the report, the servers were infected after a Trojan horse was emailed to a Lower House member in July. The Trojan downloaded further malware from a server based in China; that malware spied on email communication, stole lawmakers' confidential data and sent it to the attacker.

Last month, servers at Mitsubishi (Japan's biggest defense contractor) were compromised and confidential data stolen, including information on fighter jets as well as nuclear power plant design and safety plans.

Tsunami backdoor Trojan horse for Mac OS X, a port of Troj/Kaiten

Sophos researchers discovered a new Trojan horse, named "Tsunami", that infects Mac OS X. The researchers say it appears to be a port of Troj/Kaiten, a Linux backdoor Trojan horse that, once embedded on a system, listens on an IRC channel for further instructions.

An attacker can gain access to the infected system and use it to launch DDoS (distributed denial of service) attacks.
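An IRC-controlled bot is easy to recognise on the wire once you parse the protocol: the infected host registers a nick, joins a channel and then sits waiting for PRIVMSG lines whose first word is an order. Below is an added example, not Sophos's detection logic and not Kaiten or Tsunami code, that parses an IRC session and flags such orders. The command vocabulary is an assumption drawn from the publicly circulated kaiten.c source, not from this page, which only says the bot waits on an IRC channel for instructions and can launch DDoS attacks; the session transcript is constructed.

```python
"""Parse an IRC session and flag bot-style commands addressed to the client.

Added example, not Sophos's logic and not Kaiten/Tsunami code."""
import re

# Assumption: taken from the public kaiten.c source, not from the page.
# Replace or extend for other IRC bot families.
BOT_COMMANDS = {"TSUNAMI", "PAN", "UDP", "UNKNOWN", "KILL", "KILLALL",
                "GET", "SH", "IRC", "VERSION"}

# RFC 1459 message: [":" prefix SPACE] command {SPACE param} [SPACE ":" trailing]
IRC_LINE = re.compile(
    r"^(?::(?P<prefix>\S+) )?(?P<command>\S+)(?P<params>(?: (?!:)\S+)*)(?: :(?P<trailing>.*))?$"
)


def parse_irc_line(line):
    """Return {"prefix", "command", "params", "trailing"} or None if malformed."""
    m = IRC_LINE.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {
        "prefix": m.group("prefix"),
        "command": m.group("command").upper(),
        "params": m.group("params").split(),
        "trailing": m.group("trailing"),
    }


def analyze_session(transcript):
    """transcript: list of (direction, line), direction "C" for client->server
    and "S" for server->client. Returns the client's nick, the channels it joined
    and every PRIVMSG sent to it (or to one of its channels) whose first word is
    a bot command."""
    nick, channels, flagged = None, [], []
    for direction, line in transcript:
        msg = parse_irc_line(line)
        if msg is None:
            continue
        if direction == "C" and msg["command"] == "NICK" and msg["params"]:
            nick = msg["params"][0]
        elif direction == "C" and msg["command"] == "JOIN":
            target = msg["params"][0] if msg["params"] else (msg["trailing"] or "")
            channels.extend(c for c in target.split(",") if c)
        elif direction == "S" and msg["command"] == "PRIVMSG" and msg["params"] and msg["trailing"]:
            target = msg["params"][0]
            words = msg["trailing"].split()
            if not words:
                continue
            token = words[0].lstrip("!.").upper()   # some variants prefix orders with "!" or "."
            if token in BOT_COMMANDS and (target == nick or target in channels):
                flagged.append((msg["prefix"], target, msg["trailing"]))
    return {"nick": nick, "channels": channels, "commands": flagged}


# Constructed session; the "boss" user is the bot herder, the client is the bot.
SAMPLE_SESSION = [
    ("C", "NICK Kz93jd17"),
    ("C", "USER kz93 8 * :kz93"),
    ("S", ":irc.example.net 001 Kz93jd17 :Welcome to the network"),
    ("C", "JOIN #botch"),
    ("S", ":Kz93jd17!kz@10.0.0.5 JOIN :#botch"),
    ("S", ":boss!ops@203.0.113.7 PRIVMSG #botch :TSUNAMI 198.51.100.20 600"),
    ("S", ":boss!ops@203.0.113.7 PRIVMSG #botch :hello everyone"),
    ("S", ":boss!ops@203.0.113.7 PRIVMSG Kz93jd17 :SH uname -a"),
    ("S", ":boss!ops@203.0.113.7 PRIVMSG #other :UDP 198.51.100.21 53 60"),
    ("S", "PING :irc.example.net"),
    ("C", "PONG :irc.example.net"),
]

if __name__ == "__main__":
    print(analyze_session(SAMPLE_SESSION))
```

The same parser serves for hunting regardless of port: bots of this family are typically pointed at a server on whatever port the herder chose, so look for IRC registration (NICK/USER/JOIN) from hosts that have no business running an IRC client, then apply the command check to what the server sends them.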

Sophos has added OSX/Tsunami-A to its virus definitions, so its antivirus can detect this malware. Don't forget to update your antivirus.