Internet threat news
If you have been reading this blog for any time at all, undoubtedly you are familiar with Zeus (sometimes also known as Zbot) and its more dangerous derivative Citadel – which appeared online after the original Zeus code was leaked. These two malware variants are responsible for millions of dollars in online bank fraud and were specifically designed to avoid detection by most popular antivirus suites. Although much of the popularity of these two malware variants has receded within the hacking community recently, another variant known as the Gameover bot has become extremely popular. This malware variant is sometimes known as Zeus P2P because it relies heavily on peer-to-peer network connectivity for command and control. What makes Gameover so popular is that it has been based on the “tried-and-true” methods that initially made both Zeus and Citadel so dangerous.
One of the good things about viruses is that they are reasonably easy to prevent by following some basic Internet/email best practices such as not downloading unfamiliar files and staying away from sites that may be compromised. Sure…this is sometimes easier said than done, but with a decent antivirus solution installed, most major threats can be stopped before they become serious. That all changes with the introduction of Chameleon. British researchers have created a computer virus that actually spreads through the air like a common cold. These researchers, from the University of Liverpool, have created malware that can jump from network to network using Wi-Fi access points. The speed at which Chameleon can spread is something that is simply unheard of in the malware world and, in the wrong hands, could represent a serious threat capable of hopping between homes and businesses in the blink of an eye.
Linksys, a popular home and small business router manufacturer, has a new threat to worry about as a self-replicating program known as “The Moon” exploits a vulnerability in the company’s E-Series product line. The worm was uncovered and reported on Wednesday by the Internet Storm Center (ISC) after it was noted that many popular Linksys E1000 and E1200 routers were scanning random IP address ranges on ports 80 and 8080. The Internet Storm Center researchers were able to capture the malware responsible for the scanning activity after intentionally leaving a test system vulnerable to attack. The premise of The Moon is to exploit existing vulnerabilities in the aforementioned Linksys routers and then use these routers to scan for other vulnerable devices.
Smart home technology has become increasingly popular and is expected to gain a significant market share in 2014. With its increased popularity, however, this technology has garnered the attention of hackers around the world looking to capitalize on a new technology trend. Belkin is a respected technology company best known for home and small business networking equipment. More recently, the company has introduced an entire line of smart home technology devices under the brand name WeMo. The most popular of these WeMo devices is an outlet that can be controlled by a smart phone anywhere in the world.
Point of Sale malware is nothing new, but BlackPOS may represent one of the most advanced versions of POS-specific malware to date. BlackPOS, for those unfamiliar with the term, is the malware variant responsible for the loss of over 40 million credit card numbers used in Target stores across the country during the holiday shopping season. It is also suspected in many of the other retail attacks reported as of late including Neiman Marcus and most recently, White Lodging (a franchise operating hotels under the Marriott, Hilton, Sheraton and Westin brands). Shortly after the Target breach was first announced, an anonymous user uploaded a copy of BlackPOS to a malware scanning service operated by Symantec. Although the copy was quickly removed from the site and later from Google’s cache servers, security experts have gotten a good look at this complex piece of malware and now better understand how it was able to go undetected for so long. BlackPOS was first introduced into Target’s systems in November of last year. Alarmingly, over 40 different malware scanning utilities found nothing threatening about BlackPOS.
The beginning of the 2014 tax filing season was January 31st and if you haven’t filed your taxes yet, now may be a good time to get started...unless, of course, you want any potential refund you may receive stolen by fraudsters “kind enough” to file on your behalf. According to a report filed by the Treasury Inspector General’s office last year, the Internal Revenue Service issued almost $4 billion in fraudulent tax refunds in 2012 alone. In most of these cases, personal information was stolen by identity thieves who then filed bogus tax returns on behalf of unsuspecting victims and had the refunds sent via direct deposit or paper check to an address other than that of the victim. Many of the refunds reported as fraud last year were over $5,000 - offering cyber criminals an easy way to make some serious cash each year before disappearing back into the criminal underworld. In fact, for this reason, the IRS has taken additional security measures this year in the hopes of preventing some of this fraudulent activity.
Federal authorities recently announced the arrest of 14 individuals suspected of operating a fraudulent credit card marketplace known as hxxp://fakeplastic.net. The leader of this website is Sean Roberson, a 39-year-old Florida man. In addition to selling high-quality counterfeit credit and debit cards, the site also offers holographic overlays used to create fake driver’s licenses. The FBI and US Postal Investigative Service have been investigating hxxp://fakeplastic.net since last year, but only recently gained access to the site’s server and discovered how the service actually works. The Postal Investigative Service became involved when it was discovered that counterfeit cards were being shipped via USPS delivery using a Click-n-Ship account registered to “Sam Adams.” The site has been selling stolen credit card information since April 2011.
The latest secret documents released by NSA whistleblower Edward Snowden show just how far the NSA and other international agencies are willing to go when collecting personal data from unsuspecting citizens. In a program referred to as the “mobile surge,” the NSA and even Britain’s Government Communication Headquarters have been collecting personal information from users of popular mobile applications including Rovio’s Angry Birds, Google Maps, Facebook and Twitter. Although it has long been suspected that government agencies snoop through social media sites, these latest reports prove that even playing your favorite iOS or Android game could provide the NSA with a lot of information you probably don’t want to share with just anyone.
It’s no secret that healthcare.gov, the site responsible for signing citizens up for the Affordable Care Act, has been under fire since its launch. The site has been plagued with design flaws that have literally crippled the site on many occasions, prompting an onslaught of criticism from citizens and the media alike. Recently, a computer security consulting firm testified before Congress. The same firm also testified last year when the site first went live. In this testimony, the focus was on the fact that out of 20 blatant security flaws uncovered last year, only half of one has been addressed. In other words, it’s “business as usual” according to TrustedSec CEO David Kennedy. At the time of this writing, there are approximately 40 potentially dangerous security flaws associated with healthcare.gov and the government has done little to nothing to address these potentially serious security concerns.
A software vulnerability has been discovered that allows hackers to access webcams, IP surveillance cameras and even baby monitors. The vulnerability enables remote viewing of cached and live video footage as long as the hacker knows the IP address of the device. All affected devices are manufactured by Foscam, a Chinese company that manufactures millions of these products every year. The issue was discovered earlier this week after camera experts discussing hardware on Foscam’s support forum realized that the web interface for many of these products can be accessed simply by clicking “OK” when prompted for a username and password. News of web cameras being hacked through vulnerabilities in Flash and Java is nothing new, but this exploit is different because surveillance cameras and baby monitors are also affected.
Zeus is a dangerous banking Trojan designed to record the keystrokes of unsuspecting users while they log into secure sites including online bank and credit card accounts. The username and password combinations are then sent to hackers who can quickly clean out these accounts (usually by wiring the funds to Russia or the Ukraine). This blog has covered Zeus in the past, but it appears a new version of this dangerous malware is on the loose. Although the actual malware is relatively unchanged, hackers have been looking for new ways to trick potential victims into downloading the software. One of the most popular attack methods is known as drive-by downloading. This refers to a compromised website using known vulnerabilities in Java to install malware such as Zeus without the knowledge or consent of the user. Specifically, the Blackhole exploit kit is often used to drop Zeus on a computer.
Just as the Target credit card theft case comes to a close (where approximately 40 million credit card numbers were stolen during the holiday shopping season), it appears that the high-end retail store Neiman Marcus is now in hot water with customers for a similar breach. Earlier this week, the retailer announced it was working with the US Secret Service to track an apparent security breach that has unknown consequences as of this writing. What is known is that sometime in mid-December Neiman Marcus was made aware of potentially unauthorized transactions by its credit card processor. After notifying law enforcement officials, the retailer also began a private forensic investigation to uncover the compromise and thwart any future losses as a result of this theft.
A new mobile application has been released that could invade your privacy no matter where you are or what social media privacy settings you have in place. NameTag is a revolutionary application created by FacialNetwork.com. The app relies on powerful facial recognition software to provide information to app users instantly using a smartphone or the increasingly popular Google Glass. When the app spots a person using the camera already included with practically every smart device, the facial recognition software kicks in and immediately matches the “target” individual with any relevant social media information including contact information, interests, hobbies, passions and practically anything else you can think of.
Bitcoin is a cryptocurrency that first gained notoriety as the payment method of choice for hackers and other cyber criminals. This blog has documented the extensive use of Bitcoins on The Silk Road (an underground drug marketplace that has since been taken down by the FBI), but it seems that Bitcoins are still on the rise. Even mainstream media sources such as CNBC have been watching the Bitcoin rise in value to a high of nearly $1,200 USD each in recent months. Currently, Bitcoins are worth approximately $845 USD each. One of the things that makes Bitcoin an attractive alternative currency is a lack of regulation. Anyone can create Bitcoins through a process called mining. Mining uses a computer (or specialized processors designed exclusively for mining) to solve complex mathematical algorithms. Once the algorithm is solved, that machine earns a block of Bitcoins. The problem is that as Bitcoins are released, the algorithm to get more becomes increasingly difficult.