WebProNews

Tag: Botnet

  • Modified Malware Hijacking WiFi Routers, Killing Competing Malware


    Another day, another malware attack. ZDNet is reporting that a modified version of Gafgyt is targeting WiFi routers in a rather aggressive fashion.

    The malware in question has a long history of targeting known vulnerabilities in popular home and small-office routers. Once compromised, the routers become part of a botnet for use in distributed denial of service (DDoS) attacks-for-hire. The latest version of the malware has been updated to target three wireless routers: the Huawei HG532, Realtek RTL81XX and the Zyxel P660HN-T1A.

    Because Gafgyt’s purpose is to build a botnet powerful enough to generate income through paid attacks, the malware’s creators have programmed it to seek and destroy competing malware on any devices it infects.

    Researchers at Palo Alto Networks have been studying the malware and provided ZDNet with more information about how it works.

    “The authors of this malware want to make sure their strain is the only one controlling a compromised device and maximizing the device’s resources when launching attacks,” said Asher Davila, security researcher at the Palo Alto Networks Unit 42 research division.

    “As a result, it is programmed to kill other botnet malware it finds, like JenX, on a given device so that it has the device’s full resources dedicated to its attack.”

    Because most of the vulnerable routers are relatively old—by technology standards—most trouble can be avoided by upgrading to a newer model or, at the very least, updating the router’s software.

    “In general, users can stay safe against botnets by getting in the habit of updating their routers, installing the latest patches and implementing strong, unguessable passwords,” Davila explained.

    “The more frequent the better, but perhaps for simplicity, considering timing router updates around daylight savings, so at least you’re updating twice a year.”

  • Bitcoin Heists Test Currency’s Legitimacy


    In startling news Tuesday morning, one of the world’s largest bitcoin exchanges, Mt. Gox, ceased existing, leaving millions of dollars worth of bitcoins unaccounted for.

    The Tokyo-based exchange company has stated that a security leak that has been present since September has violated the integrity of some 700,000 accounts, totaling approximately $350 million in stolen currency. Due to this huge loss of bitcoins, the value of the cyber-currency has plummeted drastically in the last 2 hours, losing nearly 20% of its value on the open market.

    In order to save some legitimacy and ethos for the currency, 6 of the world’s leading bitcoin exchanges have released a statement claiming that the heist was a result of negligent actions of Mt. Gox and is not representative of an inherent security flaw in the digital currency itself:

    “This tragic violation of the trust of users of Mt.Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry. There are hundreds of trustworthy and responsible companies involved in bitcoin. These companies will continue to build the future of money by making bitcoin more secure and easy to use for consumers and merchants. As with any new industry, there are certain bad actors that need to be weeded out, and that is what we are seeing today… We are confident, however, that strong Bitcoin companies, led by highly competent teams and backed by credible investors, will continue to thrive, and to fulfill the promise that bitcoin offers as the future of payment in the Internet age.”

    The Mt. Gox incident is simply the most recent scandal bitcoins have faced over the past year. Earlier this month, another heist was uncovered which involved the use of a “Pony” botnet to steal the account information for 700,000 accounts. The information from these accounts allowed hackers access to 85 private wallets with a total of approximately $220,000. A botnet is a form of Trojan malware which infects thousands of host computers, which then take commands from a central computer.

    The goal of these computers is to hack into the private information owners have stored, granting the hackers access to the private key numbers which are used to access the virtual wallets in which bitcoins are stored. Ziv Mador, security research director with Trustwave, stated that “It is the first time we saw such a widespread presence of this type of malware. It was on hundreds of thousands of machines.”

    While this may have been the first time malware has been used on such a scale to steal bitcoins, it is not the first time bitcoins have been stolen by hackers. Last year, in fact, over $1 million in bitcoins were stolen by hackers who were able to reset an exchange site’s password through an email recovery scheme.

    These latest large-scale bitcoin heists, added to the two Silk Road busts which have occurred so far, make many question whether or not bitcoins are a viable form of currency. Campbell Harvey, a professor at Duke University who specializes in financial markets and global risk management, believes that the recent news coming from Mt. Gox “reminds us of the downside of decentralized, unregulated currencies. There is no Federal Reserve or IMF to come to the rescue. There is no deposit insurance.” However, he goes on to add that this “doesn’t mean the end of the road” for bitcoins as “increasingly sophisticated investors” will seek solutions which “raise both quality and confidence” of bitcoin exchanges.

    While Harvey may be optimistic, those at Mt. Gox are not. In a leaked “Crisis Strategy Draft” plan, executives at Mt. Gox state, “The reality is that MtGox can go bankrupt at any moment, and certainly deserves to as a company. However, with Bitcoin/crypto just recently gaining acceptance in the public eye, the likely damage in public perception to this class of technology could put it back 5~10 years, and cause governments to react swiftly and harshly. At the risk of appearing hyperbolic, this could be the end of Bitcoin, at least for most of the public.”

    Until the world knows whether or not bitcoins are a secure investment, one of two actions should be taken: 1) store bitcoins in an offline wallet; or 2) cash those puppies in and don’t look back. Considering the wildly fluctuating value of the currency and the increased security risks of late, option two is looking better and better every day.

    Image via Wikimedia Commons

  • Millions Of Google, Facebook, Yahoo, Twitter And LinkedIn Passwords Compromised


    Two million user passwords from Google, Yahoo, Facebook, Twitter, LinkedIn and other sites were reportedly stolen and posted online.

    Daniel Chechik at Spider Labs posted about the findings, which are actually a follow-up to a June post about the Pony botnet controller. At the time, it was found that about 650,000 website credentials had been stolen from Facebook, Yahoo, Google and others.

    The new findings are as follows:

      • ~1,580,000 website login credentials stolen
      • ~320,000 email account credentials stolen
      • ~41,000 FTP account credentials stolen
      • ~3,000 Remote Desktop credentials stolen
      • ~3,000 Secure Shell account credentials stolen

    The login credentials come mostly from those sites mentioned at the beginning of the article.

    Long story short, you might want to think about changing your password.

    Image: Facebook Developers

  • Android Spam Botnet Could Be the First of Its Kind

    Android users, take note: There’s a malicious botnet currently in operation that could be using your device to send out bogus spam emails to thousands of unsuspecting individuals. The discovery was made by a Microsoft researcher who unearthed several “spam samples” that were coming from compromised Yahoo! accounts. What was particularly alarming about this discovery was the fact that the spam was originating from Android-powered gadgets.

    The damning evidence, of course, was the “Sent from Yahoo! Mail on Android” line located at the bottom of these emails. Terry Zink, the man who first noticed the botnet, said that questionable content was being sent from countries such as Chile, Indonesia, Lebanon, Oman, the Philippines, Russia, Saudi Arabia, Thailand, Ukraine, and Venezuela, areas where cyber security isn’t as widely utilized.

    Since Google Play has taken measures to ensure their downloads do not contain malicious software, Zink speculates users may have obtained the virus by downloading “free” versions of commercial software from third-party websites. The only alternative, according to this intrepid researcher, is that Android owners could have accidentally gotten their hands on a bogus Yahoo! Mail app somewhere down the line.

    A representative from Google, meanwhile, was quick to comment on the security of their service, stating that, “Last year we also introduced a new service into Google Play that provides automated scanning for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process.”

    For those who are still wondering what, precisely, a botnet is, here’s an explanation courtesy of Wikipedia:

    A botnet is a collection of compromised computers, each known as a “bot”, connected to the Internet. Botnets are formed when computers are targeted by code within malware (malicious software). The controller of a botnet directs these compromised computers via standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol).

    In short, it’s a network of computers used by hackers and nefarious types to send out emails and all sorts of nastiness. It’s not something you ever want to find yourself a part of. If you suspect that your Android device may, in fact, contain some malicious software, it’s suggested that you upgrade to the newest version of Android available.

  • Spammers Make Up 40% of the Social Web

    Online security firm Impermium has just reported that up to 40% of all social media accounts are created by spammers, and this number has doubled over the last six months. Spammers exploit the sharing features on social networks to spread their wares, and ‘clickjacking’ and ‘likejacking’ are rampant. Facebook describes clickjacking in its help center:

    Certain malicious websites contain code that can make your browser take action without your knowledge or consent. For example, clicking on a link on one of these websites might cause the website to be posted to your Facebook profile (timeline). Never click strange links, even if they are from friends. Also be sure to notify the person sending the link if you see something suspicious.

    Just a couple of years ago, email was the platform of choice for the peddling of speed-diets, stamina pills, pyramid schemes, money-laundering agreements from Nigeria, gold, diamonds, pornography, “inheritances,” etc. Spam filters in email clients have advanced, and social media sites are a better medium for spreading malicious content regardless. Mark Risher, CEO of Impermium, states, “Social spam can be a lot more effective than e-mail spam – The bad guys are taking to this with great abandon.”

    Earlier in the year, Facebook won a suit against a company called Adscend Media, which was actually pulling in about $1.2 million a month via clickjacking tactics alone. Spam is big business, and Impermium points out that a spammer can purchase hundreds of Facebook accounts and a botnet for $99, and that “social spam” is affecting every site on the internet.

  • Microsoft Subpoenaing Emails In ZeuS Botnet Case

    Surely you’re aware of the ZeuS botnet case now in which a group of hackers from around the world are running a botnet ring that has infected thousands, if not millions, of computers. Microsoft has taken a proactive approach to finding the culprits by raiding the locations where these people were thought to be operating from.

    The Krebs on Security blog reveals that the case has moved along further than originally thought. It appears that Microsoft is now issuing subpoenas to the people listed in their documents as having run the botnet ring. These botmasters have started to receive emails from Google stating that their information may be handed over to the court.

    Krebs says the order has angered many in the cybersecurity community who have been working for years to uncover the people behind the ZeuS botnet. Microsoft charging in as an Internet vigilante has impacted the work that law enforcement can actually do in the case. By publishing the details of the suspected botmasters, Microsoft also betrays the trust of the cybersecurity community who have worked hard to secure the personal information of said hackers.

    The main issue here according to Krebs is that cybersecurity experts feel Microsoft overstepped their boundary as a private corporation. The company published information that was shared with the confidence that it wouldn’t be published. Current cases open by law enforcement could be pushed back or cancelled by Microsoft’s actions.

    The main point here is that Microsoft is trying to be the Batman of the cybersecurity world. Just like with the actual Batman, law enforcement isn’t a fan. Unlike Batman, Microsoft seems to not be doing that great of a job with their law enforcement. Sure, they’re getting names and prosecuting people, but are they the right people, and can law enforcement still do their job?

    It makes you wonder why we need CISPA anyway. It doesn’t look like Microsoft wants to share information with law enforcement when they can just start investigating and enforcing the law on their own.

  • Fake Angry Birds Space Contains Malware On Android

    Angry Birds Space is really, really popular. Besides its much improved gameplay, its launching simultaneously across all platforms really helps with the download rate. Android getting an ad-supported free version of the game definitely entices players to download the game. You should really watch out which version you download though.

    Rovio let everybody know that there’s a fake version of Angry Birds Space for Android floating around in the space of smartphone apps. While Rovio doesn’t go into more detail, security firm Sophos details the malware on their blog. What makes this latest attempt at hacking your phone more dangerous is that it really is the fully-functioning game of Angry Birds Space. To the normal user, nothing would appear out of the ordinary.

    Sophos says that the innocuous download contains the Andr/KongFu-L malware. It uses the GingerBreak exploit to gain access to your phone, and installs malicious software. This in turn takes over your phone and turns it into a malware magnet. Not only is it installing harmful software on your phone, but it’s using your 3G/4G connection to do it.

    The affected game only comes from unofficial Android markets. The version of the game on the Google Play Store remains totally safe, as does the download from Rovio’s Web site.

    I feel that I must remind Android users that the operating system is just like that of a PC. It’s easily hackable and your phone can become part of a mobile botnet if you’re not careful. Pay attention to what you download. There are usually key signs that a file is unsafe including a fake publisher, typos in the app’s description and suspicious file sizes.

    Some tips to stay secure include downloading exclusively from the Google Play store. While not every app on the Google Play store is safe, the company has introduced a bot that finds most of the malware on the store and deletes it. Another would be to install anti-virus software on your phone. I recommend Avast for its free, yet powerful set of tools that has kept my phone safe so far with its alerts that a file or app may be unsafe.

    [h/t: All Things D]

  • Windows XP Users: Upgrade Now, Or Forever Be Hacked

    It’s been almost 11 years since the launch of Windows XP in October of 2001. The operating system is getting on in years and Microsoft has done their best to get people to upgrade. Unfortunately, its successor, Windows Vista, did little in the way of making people upgrade. In fact, there were probably a lot of users who downgraded from Vista after all of its problems became more known. Those users should probably start looking into getting an upgrade, because their operating system of choice may soon be a hive of exploits and botnets.

    While the big news yesterday was that Windows Vista was losing its mainstream support, it also made us aware that Windows XP would be losing its extended support in 2014. This poses a problem for the 35 percent of people in the world who still use the operating system.

    Speaking to Network World, Jason Miller of VMware says that Windows XP came out during the “heyday of buying computers.” It’s true, the Windows market was booming back in the late 90s leading up to the 2001 release of XP. Everybody had to have a Windows PC and XP was the affordable option. I would argue that a new PC equipped with Windows 7 is just as affordable as an XP PC was in 2001, but the market for a new PC isn’t as big as it was then.

    Qualys CTO Wolfgang Kandek gets it when he says that enterprises are going to upgrade, while regular users are not. The reason being is that regular consumers just aren’t looking to upgrade or buy a new PC anymore. Many computer owners probably bought an XP system when it came out and are just as content with it now as they were then.

    Kandek also says that it’s a problem of awareness. How many people know that Microsoft is ending support for XP in two years? The company never really lets you know beyond going to their Web site. I know my parents and I know people like my parents, they’re not checking Microsoft’s Web site for the latest updates on platform support. The computer is just a tool, or a time waster for them, not something to be invested in.

    The final problem, according to Amol Sarwate of Qualys, is the rise in tablet use. I think we can all see how this is a problem with everybody using tablets these days. The problem is that tablets aren’t the end all be all of computing yet. Apple CEO Tim Cook may say that we live in a post-PC world, but we’re still very much a PC world until tablets can crank out 10 page essays on the pastoral themes in The Tempest.

    What happens when this person boots up their old Windows XP desktop or laptop to write a paper in 2015? What if they have to get onto Google looking for sources because they can’t find any evidence of the pastoral in The Tempest beyond a few vague instructor-created allegories? They might stumble upon a bad Web site, and BAM, their computer is now part of a botnet. There’s nothing they can really do either, since Microsoft is no longer providing updates to the OS.

    Even though it’s predicted that most enterprises will upgrade, there’s still potential danger there as well. Sarwate says that SCADA systems are particularly at risk. While SCADA is a unique operating system for controlling industrial or manufacturing processes, it still runs on a modified version of Windows XP. If you’re going to replace those computers, you’re going to have to rewrite the SCADA software. Who’s going to foot the bill for that until it’s too late?

    It’s a scary world out there folks, and it’s just going to get scarier. Windows XP may be Microsoft’s crowning achievement as far as stable operating systems go, but it’s still as vulnerable as anything else. Come 2014, it’s going to become even more vulnerable.

    If you’re still using Windows XP, you have a couple of options. If you’re a power user and your hardware can facilitate it, why not upgrade to Windows 7? While it’s pretty expensive, the peace of mind you gain should be worth the price of admission. I recommend Windows 7 Home Premium since it’s the cheapest option. If your XP PC is from 2001, you probably should just upgrade. You can get a great desktop for anywhere between $400 and $600 that’s running the latest version of Windows 7. The third option is to just get a Mac, they never get viruses. Oh wait…

    If all else fails, there’s always Linux.

  • Mac Virus: Keep Calm And Use Backup


    Mac fans everywhere have felt the pain of Windows users recently with a lovely little virus–the Flashback botnet–which exploits a vulnerability in Java. It’s the second hit in just a few months for Apple lovers, coming after the arrest of Russian cyber-criminal Pavel Vrublevsky, who developed faux anti-virus applications for OS X. Unlike the previous strain of malware–which required the user to download a fake Adobe Flash installer–this version of the Flashback virus is particularly tricky because it can spread infection without the user doing anything in particular and often doesn’t show symptoms. A silent enemy is a scary enemy.

    But all is not lost, apparently, as there are several things you can do to fix the problem. Ars Technica has helpfully provided a way to check for the virus, which is obviously the first step:

    First, launch Terminal from /Applications/Utilities on your Mac. Then individually type or paste these three lines into the Terminal:

    defaults read ~/.MacOSX/environment DYLD_INSERT_LIBRARIES

    defaults read /Applications/Safari.app/Contents/Info LSEnvironment

    defaults read /Applications/Firefox.app/Contents/Info LSEnvironment

    If the result looks something like this…

    The domain/default pair of (/Users/jacqui/.MacOSX/environment, DYLD_INSERT_LIBRARIES) does not exist

    The domain/default pair of (/Applications/Safari.app/Contents/Info, LSEnvironment) does not exist

    The domain/default pair of (/Applications/Firefox.app/Contents/Info, LSEnvironment) does not exist

    …then you are good to go. Running a software update is the next step.

    If you are infected, the cure is a bit tricky to pull off. You can read more about a fix here, or you can seek help from a specialist if you’re a non-techie like me.

    Of course, hindsight is always 20/20 and all that jazz, but it’s obviously a good idea to back up everything you do lest you end up like Carrie Bradshaw in an infamous episode of “Sex And The City”, where she was faced with a “sad Mac” and lost all the work she had saved over the years. It’s also not a bad idea to invest in some anti-virus software; Norton makes a good one that won’t break your bank.

    A rep for the anti-virus protection company Sophos said: “First and foremost Mac users need to be sure they have installed the latest security patches from Apple. Second, Mac users can no longer rely on simply updating their computers. Preventative protection is an essential defense mechanism to detect and thwart future attacks.”

    Image credit: Amazon.com Keep Calm and Carry on – Macbook, Laptop Vinyl Wall Art Decal Sticker Decor

  • Microsoft Releases Video of Scranton Botnet Raid [Video]

    WebProNews’s Drew Bowling reported earlier about a raid conducted by Microsoft’s Digital Crimes Unit (DCU) on a botnet operation in Scranton, PA. Microsoft’s DCU, with a court order and aid from U.S. Marshals, raided command and control centers and seized servers and other equipment used to run botnets based on Zeus trojan malware. Late last night the DCU posted a video to YouTube, which includes footage of the raid and a message by the unit about cybercrime and its commitment to tracking and taking down botnets.

    Zeus malware is defined by Microsoft’s Malware Protection Center as a “password-stealing trojan that monitors for visits to certain websites. It allows limited backdoor access and control and may terminate certain security-related processes.” The trojan enables controllers to steal banking passwords and other private information from infected computers, and allows botnet originators to control large networks of infected computers, giving them increased computing power, bandwidth, and anonymity in order to carry out further attacks.

    Here’s the video of Microsoft going all vigilante on botnet servers:

    While I view the dismantling of botnet operations as generally a good thing, it makes me uneasy to see a private company leading raids and seizing equipment. Even when it involves a court order and assistance from federal law enforcement, this practice sets a dangerous precedent allowing private firms to investigate perceived threats and seize property in raids. Our law enforcement agencies and judicial systems are, at least theoretically, beholden to citizens and due process of law to act legally and in the best interest of citizens; companies like Microsoft, on the other hand — while they must still follow the law in their pursuits — are beholden only to company stakeholders and, to a lesser extent, to their users. The potential for abuse under such a precedent makes me squirm a little bit.

    What do you think? Is the Microsoft DCU posse doing a good thing in proactively and preemptively going after cybercriminals? Or does the involvement of private companies in legal execution overstep the bounds of privacy, law, and individual integrity? Or do you think something else entirely? We’d love to hear from you in the comments.

    [Main Image and Video Source: Microsoft DCU YouTube Channel]