Spyware Hunter

We are faced up with phishing attacks almost each day; however what we cannot see is the face behind the attack. Rsnake at ha.ckers.org recently had a piece of an interview, with a phisher who calls himself ‘lithium’. Not only the questions but also the answeres have an effect on me. Through the post we take a fine glance into the world of phishing based on one phisher experience. RSnake asked the phisher, called “lithium,” how he operates, what technology he uses, and just how much money he makes off these scams.

I cannot say I discovered anything chiefly astonishing as the majority of my suppositions about the people that enter into this activity fit pretty much with the profile highlighted in the interview. Nevertheless it at all times puts me a little sideways to see to how young a few of them are when they initiate.

It was also difficult to listen to how many people are making use of the similar password for their email as they do for their social identities and how this can be converted into a fine bit-o-cash for the phisher. Lithium, who calls himself 18 yrs old and claims to have been phishing around since he was 14, said to have stolen more than 20 million identities, mostly using social networking worms.

He says,

I have so many hundreds of thousands of accounts to many websites I haven’t even got a chance to look through,

While RSnake admitted not to have authenticated all of lithium’s real numbers, he said in response to comments on his ha.ckers blog that the phisher’s story jives with that of traditional phishers.

Read

Recently I went through an interesting article on Information Week, which was related to the use of spyware driven-traffic increasing the traffic counts of sites. Through the article, it is claimed that video sites are increasingly inclined to do this due to the 1.65 B buy out of YouTube.

A study by spyware researcher Ben Edelman finds that spyware-driven traffic inflation is common, particularly at video sites. Besides, he said that spyware is also being utilized to manipulate the fame of YouTube videos. The study identifies Bolt.com, GrindTV.com, Broadcaster.com, Away.com, RooTV.com, and Diet.com as the beneficiaries of spyware-driven traffic.

Here is the direct link to Ben Edelman’s result. While you get through them it looks that what he detected is a quite old game, where pop up and pop under advertising that calls a page or process on the web site that after that blows up the statistics of that web site.

Given that this is not a new-fangled game, and rather old in aspects of how long this has been carried out to drive up web statistics, if you memorize the omnipresent ads for the X10 Camera that eventually turned that web site into one of all the rage web sites on the globe, all by virtue of pop up/under advertising.

Read

Symantec, McAfee, and Computer Associates, all the three security bigwigs, recently said to patch up flaws in their products. McAfee’s advisory explains tribulations, which were in fact fixed mutely in March, in a range of products comprising VirusScan and the company’s Internet Security Suite. Flawed ActiveX controls is expected to be exploited by nasty Web sites to sprint arbitrary code.

Symantec’s tribulations with an ActiveX control in Norton Internet Security 2006 is also expected to land to arbitrary code execution. They have also been patched up via updates that can be availed via LiveUpdate.

CA’s tribulations, in its CA Anti-Virus for the Enterprise, CA Threat Manager, and CA Anti-Spyware, are potentially hard to exploit. They need local access, means hackers will have to obtain a program on the user’s system and sprint it initially. They may possibly guide to lofty privileges. They have also been patched up by updates via usual channels.

Read

Google was recently reported to have said that 1 in every 10 web pages, investigated by it, are containing malicious software, which could potentially contaminate a user’s computer. The majority of the infested web pages included unseen codes with the aim of attempting to pilfer private info for example passwords.

For their study, researchers at Google surveyed 4.5 million pages to “in-depth analysis” and detected that almost 450,000 of them could launch purported “drive-by downloads”, sites, which are said to deploy nasty code, like spyware, but for the prior consent of user. An extra 700,000 pages were thought of having code that might compromise a user’s PC.

In the report, published in the paper titled The Ghost In The Browser, Google researcher Niels Provos writes,

To entice users to install malware, adversaries employ social engineering. The user is presented with links that promise access to ‘interesting’ pages with explicit pornographic content, copyrighted software or media. A common example are sites that display thumbnails to adult videos.

Researchers also reported that hackers were targeting whole Web servers, in order to change about each page on the compromised server into a malware host. They were exploiting blog comment characteristics and further Web 2.0 methods of obtaining user-created content as techniques to encourage malware sites or to disseminate software-based attacks.

Read

A Symantec researcher was recently reported to have said that Microsoft Update, which is included with a component known as Background Intelligent Transfer Service (BITS), might possibly be exploited by hackers to evade security measures and attack computers. BITS sprints in the background on a Windows computer as an asynchronous download service for patch updates.

Elia Florio who is one of the researchers at Symantec’s security response team was quoted as saying,

It’s a very nice component and if you consider that it supports HTTP and can be programmed via COM API, it’s the perfect tool to make Windows download anything you want. Unfortunately, this can also include malicious files. It is novel. Hack-ers are leveraging a component of the operating system itself to update their content. But the idea of bypassing firewalls isn’t new.

Through this it gets clear that just spending more money to protect our PCs with latest and greatest security systems is not the standalone answer to the hacking trouble, rather we will have to spend the resources required to track hackers down and jail them at one with the damages caused by them.

Read

The University of Missouri recently said to have been victimized by a computer hack, which disclosed more than 22,000 Social Security numbers of students at the University, both existing and earlier. The numbers had been compiled for a report. They were after that made accessible via a Web site using the University’s help desk, as the data was not washed out of the network after completing compilation.

It is the 2nd hack on the University of Missouri this year. During January, both Social Security numbers and student passwords had been pilfered. The present attack is under the investigation of the FBI. Campus IT people spotted the attack on Friday, when the hacker exploited a hole in a campus web site that is utilized to question regarding the status of trouble reports to the university’s PC help desk.

The attacks came about between 5:26 a.m. Thursday and 9:34 a.m. Friday, and were marked out to IP addresses positioned in China and Australia.

Read

Shanghai-based Xinmin Evening News was recently reported to have said on Sohu.com that some hackers allegedly hacked satellite TV signals in southern China to broadcast anti-government messages. As a result of the hacking, viewers started complaining that their TV screens remained blank for about two hours or displayed anti-government messages for 30 to 40 seconds evening.

The report didn’t explain the content of the messages aired in Guangdong province. While, TV station operators revealed viewers that hackers might have taken control of their satellites, added by the report. A receptionist who responded the phone at a cable TV operator in Guangdong maintained the occurrence is related to a satellite trouble that has been fixed.

Read

Warning PC users, PC Tools said that rise of malware all through the world is now exploding. The security firm said that cyber creeps could now be minting as much money as a small nation because of many trends detected by the company’s research center.

Adding more to the points, the company also claimed to have made out virus and spyware attacks getting combined so as to be more complex and aiming at confidential or sensitive information specifically. The fundamental signatures of Trojans are also getting changed to puzzle online scanners.

Michael Greene, vice president of product strategy for PC Tools, commented:

It’s a massive problem and this is why we are facing one of the most significant Internet security battles ever. Everyone is vulnerable.

Very last month, Sophos was reported to have said that the number of latest malware threats emerging out over doubled through the Q 1 of 2007 likened with the similar stage previous year.

Read

Well, with the sole aim of making most out of the cyber world, hackers utilize many a different techniques, which, to our surprise, are normally not known to us. Sometime ago, there was news of cybercrooks making use of the Google ads that also brought about irreparable losses to many users, and now as told by Dan Hubbard, vice president of security research at Websense, the tainted web pages, which at first came into existence in late 2005, are said to be turning up as Google ad links, on Wikipedia and elsewhere, “from top-tier names to mom and pop bakery shops.”

The web pages are being corrupted by cyber criminals in the tens of thousands. The hackers, by hitting vulnerabilities in the IE browser, instill small programs that link the computer of anybody who just hit clicks on the tainted page to a “mother ship” server, based generally in Russia or China. The “mother ship” server gathers data, which is typed into online forms - banking logins and shopping cart transactions. The central server is also said to seize the intercepted computer into a network of exploited PCs, called “bots,” to disseminate spam.

Read

A startling report released recently on the official Internet news service of the U.S. Air Force warned consumers of monitoring their bank account statements to evade fraud. The report tells the story of an investigation, which was held following a Colorado airman detected that his bank account was $124.90 below it should have been.

A Peterson AFB branch of 5-Star Bank, the man’s bank claimed to have detected that scammers in fact brought about random account numbers, wherein they made an attempt to put one cent. While one of the small deposits is clarified, the crooks make out to have stumbled on a live account and start taking out funds from it.

Turns out the criminals had mechanized the procedure: The charges seemed to have originated from Equity 1st Mortgage, located in Wilmington, N.C. An employee at the mortgage company maintained to have made the charges, however that almost 100 phone calls have been handled by her from scam victims since 2006. The withdrawn amount was the equal in each case and took place at the start of the month, undoubtedly to remain well prior to the issuance of end-of-the-month bank statements.

The story also warns of the scammers benefiting from validation vulnerabilities amongst businesses making use of the (ACH) automated clearinghouse system, which is a private electronic payment network that connects banks to each other using the Federal Reserve. The banks make use of the network to process big amounts of payroll, credit and debit card transactions, however it also smoothes the progress of direct payment of consumer bills like mortgages, loans and utility bills, plus business-to-business and federal, state and local tax payments.

Read