Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime

Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime 

All of us, who are associated or directly involved in this cyber domain know very well that its almost impossible to stand against the rising cyber crime & cyber criminals. Then the very first question will arise and that is, what is the solution? The answer will be tie-up collaboration, unity in diversity. That means if we stand together and help each other, then definitely we can control cyber crime, not only that but also we can have a safe and secure cyber space. While talking about co-operation and collaboration then a live instance is here for you. It is your favorite social network, Facebook who stand against cyber criminals and donate $250,000 to help fight cyber crime. According to UAB News - The Center for Information Assurance and Joint Forensics Research at the University of Alabama at Birmingham has received a $250,000 donation from Facebook in recognition of the center’s role in tracking international criminals behind social-media botnet Koobface as well as other spammers. The donation, which comes from money Facebook has recovered from spammers located around the world, will be used to expand the new CIA|JFR headquarters. 

“As a result of numerous collaborations over the years, Facebook recognizes the center as both a partner in fighting Internet abuse, and as a critical player in developing future experts who will become dedicated cybersecurity professionals,” says Joe Sullivan, chief security officer at Facebook. “The center has earned this gift for their successes in fighting cybercrime and because of the need for formal cybersecurity education to better secure everyone’s data across the world.”  

Here we want to remind our readers that 'Koobface' was the most dangerous malware ever made to infiltrate Facebook made by few Russian hacker. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, the message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money -to the tune of over $2 million annually. According to Kaspersky Labs the network of infected computers included between 400,000 and 800,000 PC. Earlier in this year the entire Koobface gang was exposed and the C&C server of Koobface has been stopped prenatally by few German Researchers. 

With this story here we, the entire VOGH Team would like to congratulate the team at the University of Alabama at Birmingham on the donation from Facebook. More power to them and similar experts around the world, helping investigate cybercrime and making the online world a safer place! 

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Facebook Donates $250,000 to University of Alabama at CIA|JFR to Fight Against Cybercrime"https://www.voiceofgreyhat.com/2012/10/Facebook-awarded-University-of-Alabama-to-Fight-Against-Cybercrime.html</a>

Koobface Malware Gang Exposed & Comamnd and Control (C&C) Servers Stopped

We are quite sure that Facebook user will never forget the dangerous malware named "Koobface". According to facebook security team it was the most dangerous malware ever made to infiltrate Facebook made by few Russian hacker. The hackers, known as the Koobface gang, sent Facebook users attractive invitations to watch a funny or sexy video. When the unsuspecting users clicked the link, the message appeared saying that their computer’s Flash software needed updating. The “update” was in fact malware that hijacked the user’s clicks and delivered them to advertisers, making the hackers money -to the tune of over $2 million annually. According to Kaspersky Labs the network of infected computers included between 400,000 and 800,000 PC. 

Now facebook take decision to expose the five men alleged to be behind the malware told Ryan McGeehan, Facebook security official. "The thing that we are most excited about is that the botnet is down." said McGeehan. Yesterday, Facebook decided to publish the names of alleged gang members based on details of research carried out in 2009-2010 by two German researchers. One of the researchers works for Security company Sophos. 

To know who was behind the koobface malware or in short to know the exposed Koobface malware gang click Here

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Koobface Malware Gang Exposed & Comamnd and Control (C&C) Servers Stopped"https://www.voiceofgreyhat.com/2012/01/koobface-malware-gang-exposed-comamnd.html</a>

Twitter Stimulates Online Crime

 

According to Kaspersky Lab the security company, ever-since the micro-blogging website Twitter was introduced during July 2006, numerous people have been utilizing it in their daily lives for communicating messages crafted within the standard 140 characters, published ITWeb in news on April 14, 2011.

Yet, in spite of the many flashy demographics along with an increased growth of Twitter, the website has had to fight a large number of malware incidences. These incidences are as varied as click-jacking, account compromising, Trojans, and hacks that have enabled cyber-criminals to use the service widely for launching assaults across the Web.

Says security researcher Timothy Armstrong at Kaspersky Lab, there has been many historical developments in the security of Twitter despite it being more-or-less young. Attacks on it have been varied such as hacked admins, trending topics and account compromises amongst others, he adds. ITWeb published this on April 14, 2011.

Further according to Timothy, during August 2008, cyber-criminals attacked Twitter wherein they crafted a malicious web-page containing an advertisement promoting one erotic film. So when anyone clicked on it, he became contaminated with a Trojan-downloader that disguised as an Adobe Flash update.

Also, during 2009, several versions of a Cross-Site Scripting (XSS) virus attacked Twitter. Innumerable messages apparently, signed off from Mikey emerged as the virus spread. Again in 2009, online crooks compromised Twitter trending subjects for delivering malicious software.

Thereafter, one fresh Koobface variant shortly facilitated in propagating its infection via Twitter accounts. Thus, when a contaminated member tried to access the website, Koobface compromised the communication session following which it masqueraded as that member and tweeted in contaminating his contacts.

Meanwhile, even with the lot of security measures adopted for aiding in lessening security threats, it appears that different stages of assaults will continue to hit social-networking websites. For, hackers still manage to invade the broadcasting arena easily because of its ready availability on social websites by abusing trending topics.

Given this, Armstrong concludes that it's thus important that users remain wary of the different kinds of malware, which Twitter has encountered owing to cyber-criminals' active exploitation of the site, reported ITWeb.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Twitter Stimulates Online Crime"https://www.voiceofgreyhat.com/2011/04/twitter-stimulates-online-crime.html</a>

Every 14 Programs Downloaded by Windows Users Turns out to be Malicious

The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.
In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.
Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.
So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with Isec Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.
Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.
Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.
"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.
In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.
IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.
Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."
When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">Every 14 Programs Downloaded by Windows Users Turns out to be Malicious"https://www.voiceofgreyhat.com/2011/05/every-14-programs-downloaded-by-windows.html</a>

McAfee Threats Report: Second Quarter 2011

McAffee released its security threat report  today, announcing that 2011 has seen spikes in several different types of online security threats. “The second quarter of the year was clearly a period of chaos, changes, and new challenges,” according to the report.

The Report Contents:-

• Hacktivism

• Mobile Threats

• Cybercrime

• Malware Threats

• Adobe outpaces Microsoft in Attracting Exploits

• Messaging Threats

• Web Threats

According to McAffee:-

"The threat landscape of 2011 is undergoing a year of chaos and change. We see chaos in the major challenges that hacktivist groups such as LulzSec and Anonymous pose, and change in the shifts in new malware classes and targeted devices. This quarter McAfee Labs saw major hacktivist activity—but in a very different way. The group Lulz Security, LulzSec for short, differs from other hacktivist groups in that they had no specific goals. They were in it, as they claimed, for the “lulz” (LOLs in text messagespeak, or “laugh out loud’s” ) but
showed an agility at compromising networks and servers, and stealing usernames, passwords, and other data. LulzSec committed multiple intrusions against a wide variety of companies, as well as attacks against police departments and intelligence agencies, and many other compromises. Although many of the outcomes and uses of these compromises are still in play (and we provide a helpful overview of the quarter’s activity) one thing has become clear: Many companies, both large and small, are more vulnerable than they may have suspected. Further, the security industry may need to reconsider some
of its fundamental assumptions, including “Are we really protecting users and companies?” Although LulzSec may have ceased its operations during this quarter, the questions they and other hacktivist groups have raised will be debated for a long time.
One significant change in the first quarter of 2011 was Android’s becoming the third-most targeted platform for mobile malware. This quarter the count of new Android-specific malware moved to number one, with J2ME (Java Micro Edition), coming in second while suffering only a third as many malware. This increase in threats to such a popular platform should make us evaluate our behavior on mobile devices and the security industry’s preparedness to combat this growth.
We also saw an increase in for-profit mobile malware, including simple SMS-sending Trojans and complex Trojans that use exploits to compromise smartphones. We offer an update of cybercrime “pricebooks” as well as some changes to toolkit and service prices. “Crimeware as a service” and the burgeoning “hacktivism as a service” continue to evolve as interests and targets change. On the positive side, there were some significant victories against cybercriminals this quarter.
Continuing the change theme, we observed a considerable decrease in both AutoRun and Koobface malware, offset by a strong rise in fake-anti-virus software that targets the Mac. Apple’s OS X has been mostly ignored by malware writers for years, so this represents a significant change of target
for cybercriminals. Malware continued its overall growth during the quarter as did rootkit malware. Rootkits, used primarily for stealth and resilience, makes malware more effective and persistent; its popularity is rising. Rootkits
such as Koutodoor and TDSS appear with increasing frequency. The amount of malware that attacks vulnerabilities in Adobe products continues to overwhelm those in Microsoft products.
Botnets and messaging threats, although still at historic lows, have begun to rise again. We expected this recovery after some recent botnet takedowns. Users and enterprises must plan for this growth and prepare their defenses and responses accordingly. We again examine social engineering subjects by both
geography and subject and botnets by geography and type.
We saw several spikes in malicious web activity this quarter as well as some serious growth in blogs and wikis with malicious reputations. Sites that deliver malware, potentially unwanted programs, and phishing sites also increased.
The second quarter of the year was clearly a period of chaos, changes, and new challenges."

To Download The Full report Click Here

-News Source (McAffee)

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">McAfee Threats Report: Second Quarter 2011"https://www.voiceofgreyhat.com/2011/08/mcafee-threats-report-second-quarter.html</a>

An army of techies waging war on spam

It's a vast, invisible battle, going on all the time - and, unbeknownst to you, your computer may be one of the battlegrounds.
The struggle pits thousands of smart, evil folks, who send out trillions of pieces of spam e-mail, against the people in law enforcement and business guarding against them and trying to shut them down.
On the front lines against spam and cybercrime, some analyze malicious computer code (malware), and others - in the young science of cyberforensics - examine computers and drives confiscated in investigations.
Spam - hated word - is again in the news. A May 3 FBI alert warned of e-mail carrying purported images or videos of Osama bin Laden. "This will leave you speechless)," the spam says. "See picture of bin laden dead!"
Don't even open it, warned the alert. "This malicious software or malware can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends, and family members."
Pumped out by networks (botnets) of malware-enslaved personal computers, unwanted e-mail - random junk, ads, porn, viruses, Trojan horses, get-rich-quick offers from Nigerian nobility - makes up most of all e-mail sent in the world. By far. Estimates range around 80 percent - but a 2007 Microsoft security report in October put it at 97 percent. It ranges from crud to criminal. As for malware, the United States has about 2.2 million computers (more than any other country) infected, according to Microsoft numbers (likely to be low).
"I guarantee," says FBI Special Agent Brian Herrick, director of the FBI Cyber Crime Squad in Philadelphia, "that thousands of Inquirer readers probably have computers infected with spam or malware, part of a botnet just pumping out spam."
The cyberthugs have an advantage, says Special Agent Cerena Coughlin, also of the Cyber Crime Squad. "We can stop them for a while, but they always come up with ways to circumvent it. And we're more restricted. We have to follow the letter of the law - they don't."
The extent of it is staggering. Before U.S. marshals took it down in March, the Rustock botnet was pumping out an estimated 30 billion spam e-mails a day. The botnets - big names include ZeuS, SpyEye, Dogma, Koobface, and Alureon - are run by criminal groups that use servers and supercomputers in several countries. Tracing their activity is extremely difficult and calls for highly skilled technical workers.
One of 16 such FBI squads in the country, the Philadelphia Cyber Crime Squad has 15 agents working full-time on cybercrime; the national program began in 1996. Working with national and international agencies, the squad studies and traces viruses, junk, and spam. Cases involve computer intrusions (everything from local hackers to international cyberespionage and terrorism), child exploitation (as in pornography), intellectual-property rights (copyright infringement, movies, music, software, proprietary business secrets), Internet fraud, and identity theft.
Coughlin says, "We are insanely busy. This is the third-busiest squad in the country, because of where it is and all the affected business and government concerns nearby. We don't have enough bodies for all the work there is."
In the Philadelphia area, the FBI joins hands with local businesses such as banks, agribusiness, and utilities (enterprises often attacked by spam and cybercrime) in a group called InfraGard. There are more than 1,400 local members - "So many people want to be part of it that we don't even need to solicit members," Coughlin says.
At monthly meetings, members share information, news, and tips. The FBI gives presentations and talks, and individual members speak about the cases they face. "It's a communication channel," Herrick says, "between the U.S. government and people in industry down in the trenches, looking to protect critical infrastructure."
Current president of the local chapter of InfraGard is Brian Schaeffer, chief information officer of Liberty Bell Bank in Marlton. He says, "I get thousands of cyberattacks a day. A lot of them are idiots just wanting to show what they can do. But a lot of them are looking to access banking information."
Like most banks, Liberty Bell has a strong firewall, "so hackers take a back-door approach," sending bank clients "phishing" e-mails - which pretend to be trustworthy communications but hide nasty intentions. "If a client even opens such an e-mail, they can get into their account information, their contacts, the keys to the kingdom."
Such attacks mean that "not only do I have to defend my own system, but also I try to help the customers with theirs. If their computers get infected, their account and credit information could get sold to strangers, and that could hurt us all." Schaeffer tells of an elderly couple who came to his bank one day, and just by coincidence, a bank clerk brought him a suspicious request "to withdraw a huge amount of money from their account - but there they were, sitting with us, so we knew some hackers had got at their information through e-mail."
He says InfraGard "has given me a network of people I can go to if I see things I never saw before. If I have a question, there's likely to be someone with an answer."
The other side of the battle is cyberforensics. Think of it as CSI with computers. It's happening right now, with the cache of computers, flash drives, and other cyberstuff taken from Osama bin Laden's compound in Abbottabad, Pakistan. U.S. agents instantly began to analyze this precious trove for criminal evidence - and links to other al-Qaeda operatives.
Work much like this goes on in Radnor at the FBI's Regional Computer Forensics Laboratory, one of 16 such labs in the country. As with InfraGard, the flavor is distinctly federal/local. Law enforcement agencies - such as the police departments of Philadelphia, Lancaster, Lower Merion, and Lower Providence - send officers to guest-work at the lab and receive training and experience in fighting computer crime.
Supervisory Special Agent J.P. McDonald directs the lab, which has been involved in some of the highest-profile local investigations of recent years, including the 2007 Fort Dix attack plot, the manhunt for the Coatesville arsonists, the case of former State Sen. Vincent J. Fumo, and the 2007-08 "Bonnie and Clyde" case of Jocelyn Kirsch and Edward Anderton, now in prison for fraud and identity theft.
"You can track the growth of cyberforensics along the same timeline as computers," McDonald says. "The FBI's program began in 1999, and, as of the mid-2000s, cyberevidence now has recognition and a firm track record in courts."
The lab is a techie's paradise, with gadgets and screens galore, racks of digital evidence sealed in antistatic wrap, sophisticated hard-drive readers, radiofrequency-shielded spaces, and kiosks for quick analysis of cell phones and thumb drives. "The majority of what we do," McDonald says, "is analysis of what's in a machine, how it got there, and then making a timeline of the history of what got there when."
"People's electronic devices are really an extension of their thoughts," says Philadelphia Police Lt. Edward Monaghan, deputy director of the lab. "If you're into NASCAR, you're likely to have NASCAR stuff in your computer. Thugs who are into drugs and money like to have their pictures taken with drugs, guns, and money. It sounds dumb, but they love it. That's what cyberevidence is all about."
The FBI's Herrick is resigned to a long battle: "There's probably some high school kid someplace in the Midwest - or maybe Europe or Asia someplace - who's cooking up something nobody's ever seen before. You really have to stay on your game with these guys."

SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-
<a href=">An army of techies waging war on spam"https://www.voiceofgreyhat.com/2011/05/army-of-techies-waging-war-on-spam.html</a>