SmsDetective SMS spying app for Android


Trend Micro researchers have come across a spying tool, currently available on Google Play, that is being actively discussed on certain hacker forums.

The tool's beta version has been on the site since March 11. An estimated 500 to 1,000 users have already downloaded it; Trend Micro detects it as ANDROIDOS_SMSSPY.DT.

The spytool gathers SMS messages from the infected device and uploads them to a remote FTP server at intervals configured during the app's installation. Since the upload channel is plain FTP, the exfiltrated messages also travel in cleartext, which makes the traffic easy to spot on a monitored network.

Because the app is still in beta, spying on a device with it poses certain challenges. First, it has to be installed on the target device without the victim noticing. Second, the attacker needs to set up their own FTP server, which may be difficult for those with less advanced IT knowledge.

ZeuS 2.x comes with Ransomware Feature

The recent popularity of ransomware has resulted in an unexpected malware combination: F-Secure researchers have spotted a new ZeuS 2.x variant that includes a ransomware feature.

When this variant is executed, it opens Internet Explorer on a specific page (lex.creativesandboxs.com/locker/lock.php) and prevents the user from doing anything else with the infected system. The page presumably showed some kind of extortion message, but it is currently unavailable because the site is offline.

The most straightforward way to unlock the system is simply to delete the trojan. That is tricky while the trojan is blocking all interaction with the system, but the locking itself can be disabled first.

After disassembling the malware, the researchers found that the unlock state is stored in the registry, so the system can be unlocked without paying the ransom.

[Figure: part of the disassembled code]

Unlocking can be performed quite easily with a registry editor:

1. boot the system in safe mode
2. add a new key named syscheck under HKEY_CURRENT_USER (HKEY_CURRENT_USER\syscheck)
3. create a new DWORD value under the syscheck key
4. set the name of the new DWORD value to Checked
5. set the data for the Checked value to 1
6. reboot

This only disables the lock screen; the trojan itself still has to be removed afterwards.


Anonymous leaks 1.7GB data from US Bureau of Justice Statistics

Anonymous hackers have launched a campaign called Monday Mail Mayhem. As part of it, they breached the United States Bureau of Justice Statistics (bjs.ojp.usdoj.gov), an agency under the Department of Justice that collects and analyzes data on crimes and criminals, and leaked 1.7GB of data via The Pirate Bay.



“We do not stand for any government or parties; we stand for freedom of people, freedom of speech and freedom of information. We are releasing data to spread information, to allow the people to be heard and to know the corruption in their government,” the hackers said in the video that accompanies the data leak.

“We are releasing it to end the corruption that exists, and truly make those who are being oppressed free. The price we pay very often is our own freedom. The price governments pay is the exposure of their corruption and the truth being revealed, for the truth will set us free in the end.”

The site is back online now; a Department of Justice spokesperson has stated that the intrusion is being investigated.

The department says the data was taken from the public-facing website, which most likely means there is nothing of major importance in the leak.

Hackers take down Chicago Police Department website

The Chicago Police Department (CPD) and the city of Chicago's official websites were hit by an attack, apparently carried out on Sunday by hacktivists affiliated with Anonymous.

The attack was allegedly in retaliation for police violence toward NATO summit protesters.

Calling themselves "AntiS3curityOPS", the hackers reportedly sent a message to the CPD via a YouTube video that has since been removed.

The group took to its Twitter account on Sunday to address the hacks, stating, "We neither confirm nor deny any allegations made against us in regards to the NATO and Chicago Police Dept. hacks."

The websites are up and running again. The Federal Bureau of Investigation is investigating the attack.

UGNazi hacked WHMCS by Social Engineering attack

The UGNazi hacker group managed to break into WHMCS, a company that provides billing and customer-support software to many web hosts. They leaked data and deleted all the files from the firm's server.

The leak contains 500,000 records, including customer credit card details, usernames, passwords and IP addresses.

According to reports, the hackers tricked WHMCS's own hosting firm into handing over the admin credentials to its servers.

UGNazi also gained access to WHMCS's Twitter account, which it used to publicise a series of Pastebin posts containing links from which the billing firm's customer records and other sensitive data could be downloaded.

"Following an initial investigation I can report that what occurred today was the result of a social engineering attack. The person was able to impersonate myself with our web hosting company, and provide correct answers to their verification questions," Matt Pugh, WHMCS founder and lead developer explained.

“And thereby gain access to our client account with the host, and ultimately change the email and then request a mailing of the access details. This means that there was no actual hacking of our server. They were ultimately given the access details.”

The hacktivists justified the attack with unsubstantiated accusations that WHMCS offered services to shady characters, posted as an update to WHMCS's compromised Twitter feed:

Many websites use WHMCS for scams. You ignored our warnings. We spoke louder. We are watching; and will continue to be watching. #UGNazi

After the incident, WHMCS reported the breach to the FBI. The weak link was not WHMCS's own servers but the hosting provider's account-recovery process: once an impersonator could answer the verification questions, changing the contact email and requesting the access details was enough.

American Express 'Verify User ID' mail points to Blackhole Exploit


A spam email purporting to come from American Express asks recipients whether they recently tried to verify their user ID or change their account password.

The message is designed to trick recipients into clicking a link in the mistaken belief that someone has tried to access their American Express account.

Those who click the link are taken to a web page that tells them to wait while the page loads. The expected American Express login page never appears; instead the page redirects to another site that hosts the BlackHole exploit kit.

"Criminals intent on distributing Blackhole have used a number of similar email campaigns in recent months including fake Verizon Wireless bills, bogus Amazon.com order notifications and flight ticket confirmations falsely claiming to be from various airline companies," the Hoax-Slayer report reads.

4600 Indian Websites Hacked by Pak Cyber Pyrates

Cyb3r0c3r of Team Pak Cyber Pyrates claims to have hacked 4,600 Indian websites. According to the hackers, the attack is revenge for the continuous hacking of Pakistani websites by Indian hackers.

The Pakistani hackers say they had been ignoring the Indian side for a long time, but became angry when some Indian hackers defaced Pakistani sites with content aggressive towards Muslims.

More than 4,600 Indian sites, including four Indian university websites, were hit in this attack.

The list of hacked sites can be found here:
http://pastebin.com/8sZ4C7Kp


Bogus Facebook apps redirects you to a random Android app

Bogus Facebook apps are redirecting mobile traffic to Android apps, warn Bitdefender security researchers. Cybercriminals developed fake versions of two legitimate apps, "Lista de Verificación del Amante Ideal" and "Lista de Verificare pentru Iubit(a)" (Spanish and Romanian for "Girlfriend Checklist"). The fake versions promote Android games.

The legitimate apps are supposed to scan your Facebook contacts and list all the potential girlfriends/boyfriends among your friends. They also enable tagging, so "potential candidates" can be made aware of the app you've used.

The fake applications behave the same as their original counterparts in terms of functionality, but when they detect mobile traffic they perform an HTTP 302 redirect to another link that is not Facebook-related.

If you are visiting from an Android handset, the fake version redirects you to a random Google Play game.

"None of the analyzed Google Play apps have proven to be infected with malware, but the possibility of being redirected to some potentially malicious application or website should not be taken lightly." says researcher.

"This could be the beginning of paid promotions through Facebook, where Android app developers can actually subscribe to have their apps promoted via Facebook by means of illegitimate services. This type of paid advertisement of Android apps through Facebook is a new concept and although these redirecting links/apps are not malicious so far, they could turn out to be at some point."
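The mobile-only 302 behaviour described above is easiest to confirm with a differential probe: request the same app URL once with a desktop User-Agent and once with a mobile one, and compare the responses. The Python below is an added example written for this page, not Bitdefender's code or the fake apps' code; bogus_app() is a hypothetical model of the behaviour the researchers describe, the Play Store package names and the allowed-host list are made up, and the User-Agent strings are constructed probes.

```python
import random
from urllib.parse import urlsplit

# Constructed User-Agent strings used as probes (not captured from real traffic).
DESKTOP_UA = "Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/12.0"
MOBILE_UA = "Mozilla/5.0 (Linux; U; Android 4.0.3; en-us; Nexus S) AppleWebKit/534.30"

MOBILE_MARKERS = ("Android", "iPhone", "iPad", "iPod", "BlackBerry", "Opera Mini", "Windows Phone")

# Hypothetical promotion targets; the page does not name the real packages.
PROMOTED_GAMES = [
    "https://play.google.com/store/apps/details?id=com.example.game1",
    "https://play.google.com/store/apps/details?id=com.example.game2",
]

# Hosts a Facebook canvas app may legitimately send the browser to (assumed list).
FACEBOOK_HOSTS = ("apps.facebook.com", "www.facebook.com")

NORMAL_PAGE = b"<html><body>Girlfriend Checklist</body></html>"


def is_mobile(user_agent):
    """Crude User-Agent sniffing of the kind the bogus app relies on."""
    return any(marker in user_agent for marker in MOBILE_MARKERS)


def bogus_app(user_agent, rng=random.Random(2012)):
    """Hypothetical model of the fake app's server side: desktop visitors get the
    normal page, mobile visitors get a 302 to a random Play Store game.
    The RNG is seeded so the behaviour is reproducible."""
    if is_mobile(user_agent):
        return 302, {"Location": rng.choice(PROMOTED_GAMES)}, b""
    return 200, {"Content-Type": "text/html"}, NORMAL_PAGE


def honest_app(user_agent):
    """Model of the legitimate app: the same page for every client."""
    return 200, {"Content-Type": "text/html"}, NORMAL_PAGE


def check_cloaking(fetch, allowed_hosts=FACEBOOK_HOSTS):
    """Differential probe. `fetch(user_agent)` returns (status, headers, body)
    for one request and must NOT follow redirects. Reports whether the mobile
    client was redirected off the app's own hosts while the desktop client
    received a normal page."""
    desk_status, _desk_headers, _desk_body = fetch(DESKTOP_UA)
    mob_status, mob_headers, _mob_body = fetch(MOBILE_UA)
    location = mob_headers.get("Location", "")
    target_host = urlsplit(location).netloc
    cloaked = (
        desk_status == 200
        and mob_status in (301, 302, 303, 307, 308)
        and target_host != ""
        and target_host not in allowed_hosts
    )
    return {
        "cloaked": cloaked,
        "desktop_status": desk_status,
        "mobile_status": mob_status,
        "redirect_host": target_host,
    }


if __name__ == "__main__":
    print("fake app:", check_cloaking(bogus_app))
    print("real app:", check_cloaking(honest_app))
```

Against a live target, fetch would be a real HTTP client configured not to follow redirects (so the 302 and its Location header stay visible), and the mobile request should be repeated a few times, since the fake app picks its target at random.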

ATeam (Anonymous Team) takes Down DWP.gov.uk for “Abuse of Privacy”


The website of the UK's Department for Work and Pensions (DWP) has been taken down by a distributed denial-of-service (DDoS) attack for which the Anonymous splinter group ATeam has taken credit.

The hacktivists claim their actions are a protest against the "abuse of privacy" by the DWP.

The incident came after the hackers learned that the organization's employees had been found misusing social security records, TechWeek Europe reports.

DWP representatives have stated that they are investigating the disruption, but say the site has only been "occasionally completely down".

Earlier this week, the same group took credit for taking down the websites of Theresa May MP, the UK Supreme Court and the Information Commissioner's Office (ICO). At the time they were protesting against the Leveson Inquiry, the extradition of hackers to the United States, and the ICO's failure to protect the privacy of individuals.


PHP 5.4 Remote Exploit PoC in the wild

There is a remote exploit in the wild for PHP 5.4.3 on Windows, which takes advantage of a vulnerability in the com_print_typeinfo function. The PHP engine has to execute the malicious code, which can carry any shellcode, such as one that binds a shell to a port. In other words the bug is only reachable from PHP code the attacker can get the engine to run, so your exposure depends on whether untrusted input can become executed PHP in your application (for example through an unrestricted file upload).

The exploit can be found here:
http://www.exploit-db.com/exploits/18861/

Since there is no patch available for this vulnerability yet, you might want to do the following:
  • Block or tightly restrict file upload functions in your PHP applications, so that uploaded content can never be executed as PHP.
  • Use your IPS to filter known shellcodes, such as the ones included in Metasploit.
  • Keep PHP at the current available version, so you are at least not exposed to other vulnerabilities such as CVE-2012-2336, registered at the beginning of the month.
  • Use your HIPS to block any possible buffer overflow on your system.
Reference:
isc.sans.edu

HULK - Web Server DoS Tool

Barry Shteiman, a principal security engineer at Imperva, has released a Python-based web server denial-of-service (DoS) tool called HULK (Http Unbearable Load King).

HULK is a web server denial-of-service tool written for research purposes. It is designed to generate volumes of unique and obfuscated traffic at a web server, bypassing caching engines and therefore hitting the server's direct resource pool.

Some techniques
• Obfuscation of Source Client – this is done by using a list of known User Agents, and for every request that is constructed, the User Agent is a random value out of the known list
• Reference Forgery – the referer that points at the request is obfuscated and points into either the host itself or some major prelisted websites.
• Stickiness – using some standard HTTP command to try and ask the server to maintain open connections by using Keep-Alive with variable time window
• no-cache – this is a given, but by asking the HTTP server for no-cache, a server that is not behind a dedicated caching service will present a unique page.
• Unique Transformation of URL – to eliminate caching and other optimization tools, I crafted custom parameter names and values and they are randomized and attached to each request, rendering it to be unique, causing the server to process the response on each event.
More details can be found here.
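HULK's techniques leave a recognisable fingerprint in a web server's access log: one address sending requests whose User-Agent, Referer and query string all change on every request while the path stays the same. The Python below is an added example for this page, not HULK's own code or Imperva's; it parses constructed Apache combined-format log lines (the addresses and lines are made up) and flags clients that match several of those indicators at once.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Apache "combined" format:
# LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\""
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Constructed sample (not real traffic): four requests from a HULK-style client
# (203.0.113.7) and four from an ordinary browser session (198.51.100.20).
SAMPLE_LOG = """\
203.0.113.7 - - [17/May/2012:10:00:01 +0000] "GET /index.php?QdRzp=kLmW4 HTTP/1.1" 200 5120 "http://www.example.com/" "Mozilla/5.0 (Windows NT 6.1; WOW64) Firefox/12.0"
203.0.113.7 - - [17/May/2012:10:00:01 +0000] "GET /index.php?xT9a=pQ2RRv HTTP/1.1" 200 5120 "http://www.google.com/?q=example" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)"
203.0.113.7 - - [17/May/2012:10:00:02 +0000] "GET /index.php?bnV=4KdlZw HTTP/1.1" 200 5120 "http://www.bing.com/search?q=example" "Opera/9.80 (Windows NT 6.1; U; en)"
203.0.113.7 - - [17/May/2012:10:00:02 +0000] "GET /index.php?Ww1zK=Q8hPb HTTP/1.1" 200 5120 "http://www.example.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4) Safari/534.57.2"
198.51.100.20 - - [17/May/2012:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1) Chrome/19.0.1084.52"
198.51.100.20 - - [17/May/2012:10:00:05 +0000] "GET /about.php HTTP/1.1" 200 2300 "http://www.example.com/index.php" "Mozilla/5.0 (Windows NT 6.1) Chrome/19.0.1084.52"
198.51.100.20 - - [17/May/2012:10:00:09 +0000] "GET /news.php?id=42 HTTP/1.1" 200 3100 "http://www.example.com/about.php" "Mozilla/5.0 (Windows NT 6.1) Chrome/19.0.1084.52"
198.51.100.20 - - [17/May/2012:10:00:15 +0000] "GET /contact.php HTTP/1.1" 200 1800 "http://www.example.com/news.php?id=42" "Mozilla/5.0 (Windows NT 6.1) Chrome/19.0.1084.52"
"""


def parse_log(text):
    """Return one dict per parseable combined-format line; unparseable lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def hulk_indicators(requests):
    """Indicators derived from one client's requests, each mapped to a HULK technique."""
    uas = {r["ua"] for r in requests}
    paths = {urlsplit(r["url"]).path for r in requests}
    distinct_queries = {urlsplit(r["url"]).query for r in requests} - {""}
    ref_hosts = {urlsplit(r["referer"]).netloc for r in requests if r["referer"] not in ("", "-")}
    found = []
    if len(uas) >= 3:                           # User-Agent rotation from one address
        found.append("ua_rotation")
    if len(distinct_queries) == len(requests):  # a never-repeated query string per request
        found.append("unique_query_per_request")
    if len(paths) == 1:                         # every request hammers the same resource
        found.append("single_path")
    if len(ref_hosts) >= 3:                     # forged Referer pointing at varying hosts
        found.append("referer_forgery")
    return found


def score_clients(entries, min_requests=4, min_indicators=3):
    """Group requests by client address and return those matching enough indicators."""
    per_ip = defaultdict(list)
    for e in entries:
        per_ip[e["ip"]].append(e)
    flagged = {}
    for ip, reqs in per_ip.items():
        if len(reqs) < min_requests:
            continue
        found = hulk_indicators(reqs)
        if len(found) >= min_indicators:
            flagged[ip] = found
    return flagged


if __name__ == "__main__":
    for ip, found in score_clients(parse_log(SAMPLE_LOG)).items():
        print(ip, "->", ", ".join(found))
```

Keep-Alive and no-cache are request headers that the default combined format does not record; to use them as indicators, add %{Connection}i and %{Cache-Control}i to the LogFormat. In production the grouping should also be bucketed by time window and combined with a request-rate threshold, since a single page load from a real browser can legitimately produce a handful of distinct query strings.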