IT Security Top Headlines

Ukraine-based cybercriminals steal from online German banks

pinolobu — Wed, 30 Sep 2009 09:05:30 +0000

A report from security company Finjan said that cyber-criminals have developed sophisticated ways to remain undetected, describing how a Ukraine-based gang managed to steal 300,000 euros in 3 weeks in August 2009 from several German online banks.

It used a malicious software which:
- fooled banks’ anti-fraud systems
- forging bank statements to hide the thefts.

It also recruited innocent job-seekers as money mules.

Full

How to detect inserted hidden illicit content in web pages

pinolobu — Tue, 25 Aug 2009 07:18:24 +0000

Hackers exploit security vulnerabilities in popular web software such as blogs, forums, CMS, image galleries and wikis to insert hidden illicit content into web pages of innocent third-party web sites.

Thousands of web site owners are unaware that their sites are hacked and infected with parasites.

So what you think is your website might not be really yours after all.

One tool to detect the presence of suspicious URLs in hidden frames is by using this tool:

http://www.unmaskparasites.com/

I used this to detect Gumblar, a botnet that infects Web servers and infected Web site visitors for the purposes of installing malcode on PCs that redirects end-user Google searches to fraudulent Web sites.

Beware of facebook phishing site: faecibook.com

pinolobu — Sat, 15 Aug 2009 02:56:51 +0000

First post I’ve seen is dated 7th August 2009.

If you see a comment that goes something like this, DO NOT CLICK ON IT:

seen this really bad blog about you? http://www.jdsense.com/search/redirect.php?f=http://blogs.faecibook.com/sessionid?nglnbskuf

Apparently China based, it will bring you to an authentic-looking FAKE Facebook page that tells you Your Session Has Expired and will require you to login with your email and password.

Its only purpose is to harvest your email address and facebook password, and the creators are writing comments on strangers’ statuses.

So far, the comments have been either “seen this really bad blog about you?” or “I have a 13 year old daughter who is in LOVE with you.”

Apparently, in a few minutes, the message will be deleted.

If you happen to experience this, CHANGE YOUR PASSWORD NOW!!!

Technical info:

It seems the domain was set up on 6th August 2009 under the name Li Wang, registered in Shanghai with email lixing688@gmail.com, and phone/fax no: 86-021-51697771

High profile websites attacked

pinolobu — Fri, 07 Aug 2009 13:04:22 +0000

High-profile websites including Google, Facebook and Twitter have been targeted by hackers in what is described as a “massively co-ordinated attack”. Other sites such as the blogging platform Live Journal were also reportedly targeted.

Full

Twitter suffers DDOS attack, reopens 2 hours later

pinolobu — Thu, 06 Aug 2009 17:45:57 +0000

Micro-blogging service Twitter was taken offline for more than two hours on 6th August in what the company believes was a co-ordinated denial-of-service (DDOS) attack.

Full

Apple fixing iPhone security issue

pinolobu — Fri, 31 Jul 2009 18:05:35 +0000

Apple is going to release a software patch to fix a recently reported iPhone security vulnerability, which is that specially crafted SMS messages could disconnect the phones from the network, or worse, hijacked.

And not just the iPhone, phones running Windows Mobile and Google Android Oses are also vulnerable.

Full
The BBC, 31 Jul 2009

Los Angeles proposes to drop own network for Google

pinolobu — Mon, 20 Jul 2009 03:03:45 +0000

Security and privacy concerns have been raised over a multimillion-dollar proposal by Los Angeles, the second largest city in the US, to tap Google Inc.’s Internet-based services for government e-mail, police records and other confidential data.

At issue is the security of computerized records on everything from police investigations to potholes as America’s second-largest city considers dumping its in-house computer network for Google e-mail and office programs that are accessed over the Internet.

Full

Hackers attack Facebook users by phishing

pinolobu — Sat, 16 May 2009 05:30:08 +0000

It was reported by Reuters on 16th May 2009 that in phishing attacks on Facebook’s million of users, they have successfully collected passwords from *some* of them. Exact number not revealed.

This is the latest in a series of attacks on the site.

Facebook said:
(i) it’s now “cleaning up damage”
(ii) it’s blocking compromised accounts.

Modus operandi of attackers:
(i) breaking into accounts of some Facebook members; presumably via common methods like weak password guessing?
(ii) send e-mails to friends of the member asking them to click on links to fake websites, designed to look like the Facebook home page. There, the victims were directed to log back in to the site, where in actual fact they logged into the one controlled by the hackers, hence revealing their passwords.

The fake domains include www.151.im, www.121.im and www.123.im.

As to the objective of the hackers, it’s believed that they wanted to take over a big number of accounts, then use them to send spam selling goods to Facebook members at large.

Source

More than 12 million computers are being controlled by cybercriminals

pinolobu — Wed, 06 May 2009 14:52:42 +0000

6 May 2009

Security firm McAfee monitored cyberspace since January 2009 and found that 12 million computers have been taken over by criminals.

And compared to last year, the number of zombies has increased by 50%.

The real number is likely to be higher.

The United States has 18% of the world’s infected computers. Second is China with 13%.

SOurce
The BBC

A web page is infected every 4.5 seconds, and other current statistics

pinolobu — Wed, 22 Apr 2009 03:47:11 +0000

Amongst other things mentioned at the ongoing 2009 RSA conference in San Francisco, the largest ICT security event in the world:

(i) ICT security pros need to work together to fight the now highly organised cyber criminals the world over. Online fraudsters “are not bound by any rules of law” and have control over “massive armies of zombie computers”. No more acting independently: now there’s a need to collaborate, to create a common development process: standards, sharing technologies and integrating technologies and controls into the infrastructure.

(ii) Cyber criminals have infiltrated everything imaginable: from the US power grid to the Pentagon.

(iii) Sophos said a web page is infected every 4.5 seconds & every day more than 20,000 new samples of malware are discovered.

(iv) Symantec said it had blocked 245 million attacks per month in 2008 : that’s 200,000 attacks every 30 minutes, and that 90% of attacks target confidential information

(v) Attackers are changing their approaches, from mass distribution (random attacks) to a few threats being distributed to micro-distribution where there are millions of distinct threats. Meaning, they now target individuals, to try to steal confidential information (medical, financial etc). Hence, anyone can be a victim.

Source
The BBC, 21 April 2009