Showing posts sorted by relevance for query TriCk.

Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Pleads Guilty


Earlier this year MI6 arrested the leader of TeaMp0isoN, code named "TriCk", along with a few other active members who were directly involved in the Denial of Service attack on the MI6 hotline. A few days later other members of the hacker group tried to threaten the government, saying "it will fight back against the arrest of its members." Now all these efforts seem worthless, because the leader of the infamous hacker collective "TeaMp0isoN" has pleaded guilty to stealing address book details and other private data from former British Prime Minister Tony Blair in June of last year. According to sources, Junaid Hussain, also known as "TriCk", has admitted to hacking into a Gmail account belonging to an advisor to Blair by the name of Katy Kay.
Hussain, 18, from Birmingham, said that he used the ID "Trick" to access the aide's account and steal confidential data, including addresses, phone numbers and email addresses belonging to Blair, his wife and sister-in-law Lyndsye Booth, as well as Members of Parliament (MPs) and Members of the House of Lords. Ben Cooper, Hussain's lawyer, told the court that the offences had just been a prank. After admitting to conspiracy and computer charges at London's Southwark Crown Court, Judge Peter Testar granted Hussain bail until sentencing later this month, advising him to be "under no illusions" that he may go to prison. Hussain has also confessed to taking part in and leading members of the hacker group in attacking the UK national Anti-Terrorist Hotline with hundreds of hoax phone calls, and to involvement with the hacktivist group Anonymous in #OpRobinHood, #OpCensorThis and a few more.






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

PDF Malware Using New Tricks to Exploit Vulnerability


Security researchers have identified a new trick in PDF files being sent as email attachments that obfuscate attack code by encoding it inside an image file.

Malicious PDF files are using a new trick to avoid detection by almost all major antivirus scanners on the market, according to security researchers. Researchers from Avast and Sophos independently noticed PDF files making the rounds in March that weren’t being flagged as malicious but had the ability to compromise a machine just by being opened. The originating address was often suspicious, and the attachments accompanied emails purporting to be an order receipt. The attachments themselves often had names containing the supposed order number.
When the attachments were opened under Adobe 8.1.1 or Adobe 9.3, the compromised computer would connect to a remote site and download malware, usually SpyEye, ZBot or FakeAV, Paul Baccas, a senior threat researcher at Sophos Labs, wrote on the company’s Naked Security blog on April 15.
“The PDFs did not seem to be using any exploit that I could see and yet they were downloading malware,” wrote Baccas.
It turned out these files were using a new trick to re-exploit the CVE-2010-0188 vulnerability Adobe had patched over a year ago on Feb. 16, 2010, according to Baccas.
The exploit is specific to Reader and would not execute in Google Chrome’s PDF Plugin, Jiri Sejtko, a senior virus analyst and researcher at Avast Software, wrote on the company blog April 22. While that’s a good sign, Chrome generally asks users if it should open the file in Reader if it can’t display the file correctly. In this day and age, many users would likely say yes, making them vulnerable, according to Sejtko.
The PDF specifications allow several filters to be used on raw data, either singly or in conjunction with each other, Sejtko said. Anyone can create valid PDF files where the data uses five different filters, or even multiple layers of the same filter. This allows malware authors to embed malicious code deep inside the filters, out of reach of even the most aggressive scanner.
“Our parser was unable to get any suitable content that we could define as malicious,” Sejtko said.
Files exploiting this vulnerability normally use an XML file that contains the raw data for a TIFF image file containing highly obfuscated code, Baccas said. In this case, the attackers were using parameters to control how the filters operate and crafting the attack code embedded in the raw data to conform to these parameters.
The filter used to encode the malicious code was also meant to be used only for black and white images. The exploit detected by Avast researchers combined two filters, one for text and one for images, to hide the payload.
“Who would have thought that a pure image algorithm might be used as a standard filter on any object stream?” Sejtko said. While the “bad guys” are building a specially crafted TIFF image file in the PDF files, the trick can be used to hide special JavaScript and font files, as well.
This technique is seen in “only a very small number” of attacks, Sejtko said, but has also been used in targeted attacks. While the CVE-2010-0188 flaw has been closed in current versions of Adobe Reader, users on older and unpatched versions of the software remain vulnerable to these malicious PDF files.
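The point Sejtko makes is that a PDF stream's /Filter entry may chain several decoders, including image-only ones, so a scanner that gives up after the first layer never sees the payload. The following is an added example (not code from the article, Avast or Sophos) of the kind of triage heuristic a defender can run over a file before handing it to a full parser: it pulls the filter chain out of every stream object and flags unusually deep chains, repeated filters, and image-only filters (JBIG2Decode, CCITTFaxDecode, DCTDecode, JPXDecode, which the PDF specification defines for image sample data) applied to streams that are not image XObjects. The sample PDF bytes are constructed for the demonstration, and the assumption that benign producers never chain image-only filters onto non-image streams is the heuristic's, not a fact from the page.

```python
import re

# Filters the PDF specification reserves for image sample data. Seeing one of
# them on a stream that is not an image XObject is what this scanner flags
# (assumption: benign producers do not chain image-only filters onto fonts,
# XFA forms or JavaScript streams).
IMAGE_ONLY_FILTERS = {"JBIG2Decode", "CCITTFaxDecode", "DCTDecode", "JPXDecode"}

# "N G obj << ... >> stream": the tempered, non-greedy dictionary match may
# backtrack past nested << >> (e.g. /DecodeParms) but never across "endobj",
# so an object without a stream cannot swallow the one after it.
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\s*(<<(?:(?!endobj).)*?>>)\s*stream", re.DOTALL)
FILTER_RE = re.compile(rb"/Filter\s*(\[[^\]]*\]|/\w+)")
NAME_RE = re.compile(rb"/(\w+)")
IMAGE_RE = re.compile(rb"/Subtype\s*/Image\b")


def stream_filters(obj_dict: bytes) -> list[str]:
    """Return the /Filter chain of a stream dictionary, outermost first."""
    m = FILTER_RE.search(obj_dict)
    if not m:
        return []
    return [n.decode("ascii") for n in NAME_RE.findall(m.group(1))]


def scan_pdf(data: bytes, max_layers: int = 2) -> list[dict]:
    """Flag streams whose filter chain is deeper than max_layers, repeats a
    filter, or applies an image-only filter to a non-image object."""
    findings = []
    for m in OBJ_RE.finditer(data):
        obj_num, obj_dict = int(m.group(1)), m.group(3)
        filters = stream_filters(obj_dict)
        reasons = []
        if len(filters) > max_layers:
            reasons.append(f"{len(filters)} filter layers")
        if len(filters) != len(set(filters)):
            reasons.append("same filter applied more than once")
        image_filters = IMAGE_ONLY_FILTERS.intersection(filters)
        if image_filters and not IMAGE_RE.search(obj_dict):
            reasons.append("image-only filter on non-image stream: "
                           + ", ".join(sorted(image_filters)))
        if reasons:
            findings.append({"obj": obj_num, "filters": filters, "reasons": reasons})
    return findings


# Constructed sample: a catalog without a stream, a normally compressed stream,
# a genuine image using an image filter, a form XObject hiding behind three
# layers including JBIG2Decode, and a stream that applies FlateDecode twice.
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Length 5 /Filter /FlateDecode >>\nstream\nxxxxx\nendstream\nendobj\n"
    b"5 0 obj\n<< /Type /XObject /Subtype /Image /Width 8 /Height 8"
    b" /Filter [/FlateDecode /JBIG2Decode] /Length 3 >>\nstream\nabc\nendstream\nendobj\n"
    b"6 0 obj\n<< /Type /XObject /Subtype /Form"
    b" /Filter [/ASCIIHexDecode /FlateDecode /JBIG2Decode]"
    b" /DecodeParms [null null << /JBIG2Globals 7 0 R >>] /Length 3 >>\n"
    b"stream\nabc\nendstream\nendobj\n"
    b"8 0 obj\n<< /Filter [/FlateDecode /FlateDecode] /Length 3 >>\nstream\nabc\nendstream\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    for f in scan_pdf(SAMPLE_PDF):
        print(f"object {f['obj']}: {' -> '.join(f['filters'])}: {'; '.join(f['reasons'])}")
```

Run on the constructed sample, objects 6 and 8 are reported and the genuine image in object 5 is not. The regex approach is deliberately shallow (it does not resolve indirect /Filter references or object streams), which is why it belongs in front of a real parser rather than in place of one.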


Junaid Hussain aka "TriCk" -Former Leader of "TeaMp0isoN" Jailed


The former leader of the infamous hacker collective TeaMp0isoN, Junaid Hussain, also known as "TriCk", was sentenced to six months in prison for accessing the Gmail account of a former special adviser to Tony Blair and publishing details from her contacts database. Earlier this year MI6 arrested TriCk along with a few other active members of TeaMp0isoN who were directly involved in the Denial of Service attack on the MI6 hotline. Hussain had previously pleaded guilty to the conspiracy and computer charges, which arose from the publication of phone numbers and email addresses of Members of Parliament and the House of Lords, and from a separate event which left the national anti-terror hotline "permanently engaged" for three days. Hussain has also confessed to taking part in and leading members of the hacker group in attacking the UK national Anti-Terrorist Hotline with hundreds of hoax phone calls, and to involvement with the hacktivist group Anonymous in #OpRobinHood, #OpCensorThis and a few more. "Hussain's actions were foolish and irresponsible," said detective inspector Stewart Garrick of the Police Central E-crime Unit. "Today's sentencing emphasises the seriousness of his offence and should act as a deterrent to anyone else who feels that they can act in such a manner."



TeaMp0isoN Threatened Authorities After Leader's Arrest


A few days ago a hacker collective named TeaMp0isoN took responsibility for hacking into the British intelligence agency MI6. Immediately after the attack MI6 arrested the leader of TeaMp0isoN, code named "TriCk", along with a few other active members who were directly involved in the Denial of Service attack on MI6. But the story is not over yet: the official Twitter account of TeaMp0isoN issued a warning that it will fight back against the arrest of its members.

The group linked to a Pastebin statement with a call for other hackers to unite in attacking law enforcement agencies. 

Message of TeaMp0isoN:- 
"We've lost the first and most important member of our team; our founder, our brother, our family member. Most importantly we lost a fighter for freedom, a fighter against corruption.
He strived for justice, and constantly fought against oppression and corruption, to help spread awareness on humanitarian causes, and now, he is no longer with us.
Most of you think that this is end of TeaMp0isoN and that this is end of our fight.
We're glad to shout:
#################################
#_ITS NOT OVER, IT JUST STARTED_#
#_ITS NOT OVER, WE ARE STRONGER_#
#_ITS NOT OVER, WE ARE UNITED_  #
#################################

I ask you, a fellow hacker, as a blackhat, to rise, to unite and to fight. For years the hacking scene for the most part has been misrepresented by skids, who have inevitably led to the copious amounts of faggotry and butthurt which currently pollutes the scene. Whitehats continue to lurk and grow, and nothing is preventing them from disclosing exploits.
As a collective we have to stop this, to ascend out of the underground and show the world we are not fucking around, something which TriCk firmly believed in. We, as hackers, have to unite to revive the blackhat scene, for TriCk... and everything that we stand for.
Do you support TeaMp0isoN? Help out via:
irc.tsukihi.me
#retaliation
-----------------------------------------
root@TeaMp0isoN:~# rm -rf skids/*
root@TeaMp0isoN:~# rm -rf whitehats/*
root@TeaMp0isoN:~# rm -rf governments/*
root@TeaMp0isoN:~# rm -rf justicesystem/*
root@TeaMp0isoN:~# rm -rf police/*

-----------------------------------------  ..."

Earlier TeaMp0isoN was directly involved with Anonymous in #OpRobinHood and #OpCensorThis. They also found an SQL injection vulnerability on the official NASA forum and, in a similar attack, hacked the English Defence League (EDL) and exposed members' personal data, among many others.




Malware targeting OS X users


If you ever see a message or window in Safari or your e-mail client about your system's security being compromised, ignore it! Malware developers and scammers are increasingly focusing on OS X and working to trick Mac users with highly developed Trojan horse attempts, using both software and ominous-looking messages generated in Web browsers and e-mail clients. Recently some rather sophisticated Trojan horse scam software called Mac Defender was discovered for OS X, and a similar attempt has surfaced with a Web-based malware-detection facade that tries to get you to download and install malware on your system.


Flame -The "Super Spy" Even On Offline Computers Turning Users into Data Mules


The program known as Flame has fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Now researchers have discovered another unexpected tool in its data-stealing arsenal: You.
Malware analysts at the security firm Bitdefender say they’ve found a unique capability within Flame’s code that would potentially allow it to steal data even from computers that aren’t connected to the Internet or to other networked machines. Instead of simply uploading stolen data to a remote server as traditional spyware does, Flame can also move the target information–along with a copy of itself–onto a USB memory stick plugged into an infected machine, wait for an unwitting user to plug that storage device into an Internet-connected PC, infect the networked machine, copy the target data from the USB drive to the networked computer and finally siphon it to a faraway server.
Spreading itself over an infected USB device is hardly a new trick for malware. But Bitdefender’s researchers say they’ve never before seen a cyberespionage program that can also move its stolen digital booty onto the USB stick of an oblivious user and patiently wait for the opportunity to upload it to the malware’s controllers.
“It turns users into data mules,” says Bitdefender senior malware analyst Bogdan Botezatu. “Chances are, at some point, a user with an infected flash drive will plug it into a secure computer in a contained environment, and Flame will carry the target’s information from the protected environment to the outside world…It uses its ability to infect to ensure an escape route for the data. This is somewhat revolutionary for a piece of malware.”
Flame was designed to use the same .lnk autorun vulnerability first exploited by the NSA-built Stuxnet malware to invisibly install itself on USB devices. To hide its trove of stolen data on the user’s device, Flame copies both itself and its data to a folder labelled with a single “.” symbol, which Windows fails to interpret as a folder name and thus renders as invisible to the user. “What we have here is a little hack/exploit performed on how the operating system is interpreting file names,” Bitdefender’s researchers wrote in a blog post on Flame last week.
When an infected USB is plugged into a networked machine, Flame checks that it can contact its command and control server through that computer. Then it moves its target data off the USB to the PC, compresses it, and sends it to the remote server via HTTPS, according to Bitdefender’s analysis. The researchers found that while Flame is capable of infecting networked PCs for the purpose of exfiltrating its data, the version they analyzed had rendered that infection capability inactive, perhaps to avoid the spyware spreading too far, so that only PCs already infected with Flame would be capable of acting as gateways back to the malware controller’s server. The fact that the spyware’s infection technique was turned off may be evidence that the “data mule” in the Flame operation was in fact aware of his or her role as a data smuggler.
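The two artefacts Bitdefender describes on an infected stick, a folder whose name the operating system will not display as a folder name and a .lnk file in the drive root, are both things a defender can look for when a removable drive is mounted on an analysis host. The script below is an added example, not Bitdefender's or the article's code, of such a sweep: it walks a volume and reports directory names that the ordinary Win32 file API would never create (names made only of dots or spaces, or ending in a dot or space, since "." and ".." are reserved path components and trailing dots and spaces are stripped on creation), plus any shortcut file sitting in the root. The assumption behind it is that such names only appear when something bypassed the normal API; the sample volume it scans is constructed in a temporary directory, and `autorun.lnk` is a placeholder file name, not an indicator from the page.

```python
import os
import re
import tempfile

# Names the ordinary Win32 file API never produces: "." and ".." are reserved
# path components, and trailing dots or spaces are stripped when a file or
# folder is created. A volume carrying such a name was therefore written by
# something that bypassed the normal API (assumption behind this heuristic,
# modelled on the "." folder described for Flame above).
ODD_NAME_RE = re.compile(r"^[. ]+$|[. ]$")


def find_suspicious_entries(root: str) -> list[tuple[str, str]]:
    """Walk a mounted volume and return (relative path, reason) pairs for
    oddly named directories anywhere on it and for shortcut files in its root.
    Paths use '/' regardless of platform so results compare predictably."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        for name in dirnames:
            if ODD_NAME_RE.search(name):
                rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
                findings.append((rel, "directory name is only dots/spaces or ends with one"))
        if rel_dir == ".":  # only the volume root is interesting for autorun-style shortcuts
            for name in filenames:
                if name.lower().endswith(".lnk"):
                    findings.append((name, "shortcut file in volume root"))
    return sorted(findings)


def demo() -> list[tuple[str, str]]:
    """Build a constructed sample volume in a temporary directory and scan it."""
    base = tempfile.mkdtemp(prefix="usbscan-")
    os.makedirs(os.path.join(base, "..."))            # constructed: dots-only folder
    os.makedirs(os.path.join(base, "photos"))         # constructed: ordinary folder
    os.makedirs(os.path.join(base, "docs", "data."))  # constructed: trailing-dot folder
    open(os.path.join(base, "autorun.lnk"), "wb").close()         # constructed placeholder
    open(os.path.join(base, "photos", "img1.jpg"), "wb").close()  # constructed benign file
    return find_suspicious_entries(base)


if __name__ == "__main__":
    for path, reason in demo():
        print(f"{path}: {reason}")
```

On a Windows analysis host the same walk would need the `\\?\` path prefix to open such folders at all, which is itself a useful signal: if Explorer cannot show a directory that `os.walk` reports, the name is worth a closer look.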


Regardless, Botezatu says Flame’s USB-piggybacking trick fits with its profile as a highly sophisticated spying tool meant to steal a target’s most protected secrets–not just another cybercriminal keylogger designed to catch credit card numbers. “Most of the infrastructure it targets is highly contained, often without Internet access,” says Botezatu. “It’s natural for Flame to have a mechanism for moving data from one environment to another that doesn’t rely on Internet or network communications.” Additional details can be found here.

-Source (Forbes)







Flashback.G Trojan Targeting Mac Users While Stealing Passwords

Earlier, the Mac Security Blog reported that the latest version, Flashback.D, had gotten a bit sneakier. First, it checks whether the user is running Mac OS X in VMware Fusion; if so, it does not execute. It does this because many malware researchers test malware in virtual machines rather than infecting full installations, as it is easier to delete them and start over with clean copies. This means that security researchers analyzing and looking for this malware need to be running regular Macs.
Yet again Mac users have become the victims of another trojan. This new Trojan is capable of infecting their computers and stealing passwords to services such as Google, PayPal, online banking and so on. It uses a new installation method: when a user visits a crafted web page, the new variant either tries to exploit two old security vulnerabilities or deploys a Java applet which tries to trick the user into believing it has been certified by Apple. According to the Mac Security Blog (Intego), this new variant of the Flashback Trojan horse uses three methods to infect Macs. The malware first tries to install itself using one of two Java vulnerabilities. If this is successful, users will be infected with no intervention. If these vulnerabilities are not available, that is, if the Mac has Java up to date, then it attempts a third method of installation, trying to fool users through a social engineering trick. The applet displays a self-signed certificate, claiming to be issued by Apple. Most users won’t understand what this means, and click Continue to allow the installation to proceed.
It is worth noting that Flashback.G will not install if VirusBarrier X6 is present, or if a number of other security programs are installed on the Mac in question. It does this to avoid detection. It seems that the malware writers feel it is best to avoid Macs where the malware might be detected, and focus on the many that aren’t protected.
Mac users have faced such attacks before: the OSX/Revir-B trojan was installed behind a PDF, giving hackers remote access to Mac computers; the Linux Tsunami trojan called "Kaiten" targeted Mac OS users in 2011; and another piece of malware named "Devil Robber" also made Mac users its victims by stealing their personal information.




Full Disclosure Of Pentagon Data-breach


We're all human, you know? That's roughly the trick that the hackers most likely relied on when, earlier this year, they managed to steal over 24,000 files from a defense contractor.
The Pentagon won't say what files went astray, or the level of secrecy associated with the contents of the stolen data. But we can assume that at least some of it was highly secret—secret enough that Deputy Defense Secretary William J. Lynn III felt compelled to admit to the attack during a speech about the future of cyber policy yesterday. Lynn said it concerned some of the U.S.'s "most sensitive systems, including aircraft avionics, surveillance technologies" and more, before hinting that foreign powers were behind the attack and using it to declare cyberspace the next battleground.
What went down? Fast Company spoke to Nick Percoco, digital security expert and SVP at Trustwave's SpiderLabs, and familiar with exactly this sort of cyberattack, to get some insight.
How The Hack May Have Begun: Email Scams
The fact that the 24,000 stolen files came from a defense contractor is significant, Percoco notes. It's likely easier to get this sort of data from a contractor than launching an all-out attack on Pentagon servers themselves, because companies are full of people—people who are used to doing business in our digitally connected world. And even though an employee of a defense contractor is probably way more switched on to digital security than you or I, it's still not impossible to cheat someone with access to secret files into placing malware on their work laptop.
All it would take for a dedicated hacker is some basic research. If you wanted to steal data like this, you could start by targeting a particular employee via email—"We've seen this happen to defense contractors," Percoco notes. "Using technology like Google, and LinkedIn and other social networks" hackers could find out who best to target. Say they pick a particular EVP, and work out their email address is "JohnSmith@defencecontractorX.com." Then they work out who their colleagues or bosses may be all the way up to CEO level.
Then it's as simple as going to a source of hacking code using your underworld contacts (or using some of your own) and getting access to a "zero day exploit"—a new loophole in a computer or software system's security that hasn't been publicly discovered yet, and hence is still open for hacking use.
This is where the hack escalates. "In this case, they'd been looking for a zero-day exploit in, say, the Adobe PDF reader. And then they'd take a nice creative pen out and draft up a document that looks like it should be something important," Percoco said. After this, the hacker would set up something like a disposable Gmail account and make the screen name the same as one of the target's peers or the CEO of the company. Then they'd "craft up an email that says 'Here's an important document, some new announcement we're working on. Please review it and be ready for a call at 10 a.m. today.'" The trick is to send this to the target at around 7:30 a.m. local time, because the "best time to send those types of things is right before someone's had their coffee."
Typically the sleep-addled victim would trust the email as it's supposedly from a colleague, then launch the embedded PDF (or other faked document). Usually it causes the newly launched program—Adobe Reader in this example—to crash. But as it crashed, it would actually be installing malicious code on the machine. The virus is injected.
How The Attack Began: Website Sting
A similar attack is possible using a faked-up website that looks like it's actually related to the target company—one of those odd-looking, badly maintained websites that kinda looks official that we've all surfed to at some point and been confused by.
Some of these are actually storage pens for targeted malicious code, carefully honed to appear high on Google searches with SEO tricks. And when, say, a marketing official from the target company Googles to find out how their brand is being referenced around the web, they may stumble across one of these fake sites and trigger the release of malware onto their machine.
What Happened Next: Access Is King
Once the malicious code has been installed on the machine, the "sky's the limit," particularly via the email exploit. A well-coded virus code can evade detection and hide on the computer, doing various wicked things.
Often the "sole purpose of the executable is to go and find files on the person's computer and archive those in a zip file or RAR file, and then attempt to extract them from the system," Percoco said, based on his experience. The code could try lots of different routes, using FTP or HTTP or other protocols to get those files off the system. It's something he's seen in "many environments" and, worryingly, they're often "highly successful in getting those files." The code is typically designed to work on Windows machines, with almost no such exploits targeted at Macs—but Percoco agrees that this is at least partly due to the assumption by a hacker that a business user will be using a PC, not a Mac.
The success would be based on the fact that no one has seen this particular kind of attack before (the payoff of a zero-day exploit) and it would easily circumvent any protective anti-virus software installed on the machine—because the protection doesn't know to look out for this type of virus. The only real way to avoid this sort of attack is for the target to "avoid clicking on documents," which is clearly unlikely in the case of a business computer user.
A smarter hacker would select a network administrator at the target company, because they're human, too. Their machine likely has even more interesting files that have data on network security, what kind of code is let in and let out of company firewalls, and so on.
Getting access to this sort of data (via the same email hack as described above) could let a persistent hacker penetrate a company's network and install a backdoor onto it—totally circumventing security because then "the attacker doesn't have to come in from the outside, they have code running on that system that will basically open up a connection back to the attacker"—not something network security is expecting. Then you can gain access to passwords and credentials to worm your way in further, eventually finding whatever sensitive data you're looking for.
The result could be a grim violation of company security. "We've seen those for a number of years, in all sorts of companies including government-type companies as well," Percoco says. 
Who Did This?
It's easy to see how a hacker could gain access to a machine and even a company network, and how easy it can be to transfer stolen files from infected computers to the hacker. But who is the hacker? The Deputy Secretary of Defense was careful to link it to "foreign" attackers—and considering this year's hacking news, we're instantly imagining China is to blame.
Percoco says his company does hundreds of investigations every year on attacks like these, and it's "very, very difficult to trace an attack to a specific person and specific political motivation." That's unless it's a hacktivist attack, when a group like Anonymous posts the data online and admits it was to blame—and even then "you don't know where these people are actually located."
A hacker could take his laptop down to a coffee shop, buy a cup of joe and "get on their free Wi-Fi system. And now they go and start looking around the world to find a computer that has a security weakness." Once they find it, they can use the hacked computer for a targeting scenario like the one described above, where they send a tainted email. Anyone tracing the code back after the attack was detected may find it sourced on a corporate computer in, say, China. And then they're stuck—because no one's "going to let the U.S. government come in and do a forensic investigation on some business located in China." 
Furthermore, it's rare that even this first Net address is where the attack is coming from—"they're always jumping through one or many systems" Percoco says, which could be in numerous nations and thus completely confound any attempts to track them. Which means the attacker actually could be located anywhere.
The Cold Cyberwar?
Suddenly, there's a much more sinister angle to the Pentagon hack. Forget "The Chinese Way of Hacking." More like "Even More Malicious Hackers Looking Like They're Using The Chinese Way Of Hacking."

-News Source (Gizmodo)


BlackBerry blog hacked TriCk (TeaMp0isoN)

Research In Motion found its official BlackBerry blog hacked Tuesday morning, following statements the company made regarding the London riots. Rioters used RIM’s BlackBerry Messenger to communicate far more than using other social networks like Twitter or Facebook. In response to the riots, RIM tweeted, “We feel for those impacted by the riots in London. We have engaged with the authorities to assist in any way we can.”
As we noted yesterday, that seems to indicate that BBM isn’t as private as some rioters may have hoped. In response, a group calling itself TeaMp0isoN hacked the publicly facing Inside BlackBerry blog. The site is now down.
Before the site went down, we were able to capture the following message from the hackers:



Hacked Site:-

http://blogs.blackberry.com/



Mirror Link:-
http://www.zone-h.org/mirror/id/14614130


This hack is a response to this statement by RIM:-

    “We feel for those impacted by this weekend’s riots in London. We have engaged with the authorities to assist in any way we can. As in all markets around the world Where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement and regulatory officials. Similar to other technology providers in the UK we comply with The Regulation of Investigatory Powers Act and co-operate fully with the Home Office and UK police forces.”

    Dear Rim;
    You Will _NOT_ assist the UK Police because if u do innocent members of the public who were at the wrong place at the wrong time and owned a blackberry will get charged for no reason at all, the Police are looking to arrest as many people as possible to save themselves from embarrassment…. if you do assist the police by giving them chat logs, gps locations, customer information & access to peoples BlackBerryMessengers you will regret it, we have access to your database which includes your employees information; e.g – Addresses, Names, Phone Numbers etc. – now if u assist the police, we _WILL_ make this information public and pass it onto rioters…. do you really want a bunch of angry youths on your employees doorsteps? Think about it…. and don’t think that the police will protect your employees, the police can’t protect themselves let alone protect others….. if you make the wrong choice your database will be made public, save yourself the embarrassment and make the right choice. don’t be a puppet..

    p.s – we do not condone in innocent people being attacked in these riots nor do we condone in small businesses being looted, but we are all for the rioters that are engaging in attacks on the police and government…. and before anyone says “the blackberry employees are innocent” no they are not! They are the ones that would be assisting the police

    - TriCk – TeaMp0isoN -
    Greets To: iN^SaNe – Hex00010 – MLT – BlackHacker

    - Knowledge is Power . . . . .

    #FuckTheFeds
     Twitter: @TeaMp0isoN_..."


Microsoft Reports Increased Cyber Scams



Cyber criminals are increasingly targeting consumers with “marketing-like” approaches, according to the security intelligence report released by Microsoft.
As the general public becomes more aware of cybercrime, cybercriminals have gotten more sophisticated and continue to evolve their attack methods.
Microsoft’s latest report found that attacks were being run like marketing campaigns with fake product promotions, especially during events that generate a lot of media attention.
A “polarization” of cybercriminal behavior was discovered by the report, with a surge in the use of “marketing-like” deception tactics to steal money from people.
On one side, highly skilled criminals exploit the vulnerability in systems and networks of a targeted environment by acquiring special intelligence and using social engineering to trick intended victims in pursuit of a large payoff, the report says.

While on the other side are cybercriminals that use more “accessible methods, including social engineering tactics and leveraging exploits created by the more skilled criminals, to take a small amount of money from a large number of people.”
With the increased popularity of social networking, criminals create new opportunities to directly affect individuals as well as their friends, colleagues and family through impersonation, the report says.
In addition, these social engineering techniques trick people with false advertisements, fake security software, and pay-per-click schemes that generate cash when Internet links are activated, Microsoft reports.
"With more consumers and devices coming online every day, cyber criminals now have more opportunities than before to deceive users through attack methods like adware, phishing and rogue security software," Graham Titterington of Britain-based analyst firm Ovum told the AFP news agency.
"It's becoming increasingly difficult for consumers to decipher legitimate communications and promotions given the sophistication of tools criminals are using."
Rogue security software, or “scareware,” is software used to dupe Internet users by pretending to find viruses and other problems on computers and then offering to sell a program to fix the issue, according to AFP. In 2010, Microsoft reported that it detected and blocked this type of software on almost 19 million systems.
In addition, Microsoft reports that phishing targeted at online gaming sites reached a high of 16.7 percent of all phishing online. Phishing tactics, which use social networking as the “lure,” increased 1,200 percent from a low of 8.3 percent in January to a high of 84.5 percent in December of 2010.
Furthermore, Microsoft reports that adware, software created to infect machines with pop-up advertisements, also increased by 70 percent from the second quarter to the fourth quarter of 2010. Two new adware families that are the most prevalent malware in many countries, JS/Pornpop and Win32/ClickPotato, were responsible for the increase.
To guard against these growing threats, computer users are advised to update their computers with reputable security software, and by not clicking on links or opening files without making sure that they are safe.


Drone Fleets Are Vulnerable to GPS Spoofing & Can Be Hijacked By Terrorist


Surveillance drones have always attracted controversy, along with a lot of technical and security issues. Yet again, a team at the University of Texas has found a vulnerability in drones that allows an attacker to gain control of the unmanned vehicle and change its course: Professor Todd Humphreys and his team spoof GPS receivers in order to take control of the drones.
According to an exclusive report of Fox News - A small surveillance drone flies over an Austin stadium, diligently following a series of GPS waypoints that have been programmed into its flight computer. By all appearances, the mission is routine. Suddenly, the drone veers dramatically off course, careering eastward from its intended flight path. A few moments later, it is clear something is seriously wrong as the drone makes a hard right turn, streaking toward the south. Then, as if some phantom has given the drone a self-destruct order, it hurtles toward the ground. Just a few feet from certain catastrophe, a safety pilot with a radio control saves the drone from crashing into the field.

Last year we came to know that a stealthy key-logger had hit the U.S. drone fleet, logging pilots' every keystroke as they remotely flew missions over Afghanistan and other war zones. Later Iran claimed responsibility for that cyber attack. But spoofers are a new problem for GPS-guided drones, allowing hackers to trick navigation systems with false information. Humphreys and his team have designed a device costing less than $1,000 that sends out a GPS signal stronger than the ones coming down from orbiting satellites. At first, the rogue signal mimics the official one in order to trick the drone, and once it's accepted, new commands can be sent to the UAV. The US government says it's aware of the potential dangers of spoofing, and officials from the FAA and the Department of Homeland Security have seen Humphreys' demonstration first hand. The Department of Homeland Security reportedly has a program in place to try to solve the problem of GPS interference, but it's aimed at dealing with jammed signals, not spoofed ones.


-Source (FOX News, Slashgear)




Android Malware 'Loozfon' Targeting Female Android Users -Said Symantec


We are used to seeing malware that targets men by enticing them to view videos or pictures of a sexually-oriented nature. But here the story is totally different: antivirus firm Symantec has recently discovered 'Android.Loozfon', a rare example of malware that targets female Android users.
According to the official Symantec blog, a group of scammers is attempting to lure female Android users in Japan into downloading an app by sending emails stating how the recipient can easily make some money. The email includes a link to a site that appears to be designed to help women make money simply by sending emails. When a certain link on the site is clicked, Android.Loozfon is downloaded onto the device. Other links direct the user to a dating service site that likely attempts to charge money to use the service, which supposedly helps women meet rich men.



If this trick does not work, the criminal group has another trick up its sleeve. It also sends spam that states that the sender of the email can introduce the recipient to wealthy men. When the link included in the body of the email is clicked, the malware is automatically downloaded onto the device. The downloaded app is titled “Will you win?” in Japanese. It has nothing to do with earning extra income or wealthy men.

If the app is installed and launched, it counts down from two to zero and then states that the user has lost. The app is programmed to lose every time, although there is nothing to either lose or win. It steals contact details stored on the device as well as the phone number of the device, which is the main goal of the malware. The scammers are likely harvesting email addresses in order to send spam to the contacts they were able to steal to lure them to the dating service site and/or sell the data to another group of spammers.






Adobe Plugged Newly Found Zero-day Hole In Flash Player


Adobe warned that hackers are exploiting a critical vulnerability in its popular Flash Player program, and issued an emergency update to patch the bug. The vulnerability allows an attacker to crash the player or take control of an affected system. Adobe says that there are reports of this vulnerability being exploited in the wild as part of targeted email-based attacks which trick the user into clicking on a malicious file. Adobe released security updates for Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux, Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x. These updates address an object confusion vulnerability (CVE-2012-0779) that could cause the application to crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious file delivered in an email message. The exploit targets Flash Player on Internet Explorer for Windows only. 
Affected Software Version :- 
  • Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux operating systems
  • Adobe Flash Player 11.1.115.7 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and 2.x
Adobe recommends users of Adobe Flash Player 11.2.202.233 and earlier versions for Windows, Macintosh and Linux update to Adobe Flash Player 11.2.202.235. Flash Player installed with Google Chrome was updated automatically, so no user action is required. Users of Adobe Flash Player 11.1.115.7 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.8. Users of Adobe Flash Player 11.1.111.8 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.9. For detailed information and to see the security bulletin of Adobe click here.





Windows 8 Will Reduce Runtime Memory Usage


Microsoft has tweaked the use of memory in Windows 8 to help people juggle more applications and files with less physical RAM. In the latest Building Windows 8 blog, Bill Karagounis, group program manager for Microsoft's Performance team, detailed some of the tricks that the company has employed in the new OS to optimize the use of memory.
One such trick is memory combining. Windows applications can reserve multiple chunks of system memory, not just what they need now but what they may need in the future. The more apps that do this, the more memory is used up.
Memory combining searches system RAM for duplicate content and then frees up the duplicates to hold just a single copy. If an app needs that freed-up memory in the future, Windows provides what's called a "private copy." Such a process can make anywhere from 10s to 100s of megabytes available, according to Karagounis.
A healthy amount of system RAM is also taken up by Windows services. Open Task Manager, click on the Services tab, and you'll see the sheer number of services chewing up precious memory. To make Windows 8 more memory efficient, Microsoft has removed 13 different services, changed a number of others from automatic to manual, and moved still others into a "Start on Demand" mode so they're not eating up memory from the get-go.
Yet another trick was to find various core but low-level components that have been in Windows for almost 20 years and consolidate certain ones so they don't take up as heavy a memory footprint as they would individually.
Finally, Windows 8 will be smarter about which allocated memory to keep and which to free up. For example, antivirus programs need memory when they check files opened by other applications. Since this is typically a one-time allocation, that specific chunk of memory probably wouldn't be needed again by the AV software. As such, Windows 7 might free up that RAM for something else if memory became scarce. But such an action could drag down performance.
Instead, "In Windows 8, any program has the ability to allocate memory as 'low priority,'" Karagounis said. "This is an important signal to Windows that if there is memory pressure, Windows can remove this low priority memory to make space, and it doesn't affect other memory required to sustain the responsiveness of the system."

Overall, the new memory optimization should coax better performance out of PCs with an ample supply of RAM but also benefit those with only 1 or 2 gigabytes of memory. As an example, Karagounis looked at the Netbook that Windows president Steven Sinofsky used in a demo at the company's recent Build conference. Comparing the PC's memory usage under Windows 7 and Windows 8 under the same conditions, Karagounis found that Windows 7 chewed up 404MB of RAM, while Windows 8 used only 281MB.

The tweaks will also squeeze more juice out of tablets and other lower-powered devices that don't hold much physical RAM, explained Karagounis. The more RAM a device contains, the more battery power it chews up. Manufacturers of Windows 8 devices can now get by with less physical memory, thereby delivering more life on a single battery charge.

For more information and to see the windows 8 Official Blog Click Here


-News Source (Windows 8 Blog, Cnet)


One in Every 14 Programs Downloaded by Windows Users Turns Out to Be Malicious


The next time a website says to download new software to view a movie or fix a problem, think twice. There's a pretty good chance that the program is malicious.
In fact, about one out of every 14 programs downloaded by Windows users turns out to be malicious, Microsoft said Tuesday. And even though Microsoft has a feature in its Internet Explorer browser designed to steer users away from unknown and potentially untrustworthy software, about 5 percent of users ignore the warnings and download malicious Trojan horse programs anyway.
Five years ago, it was pretty easy for criminals to sneak their code onto computers. There were plenty of browser bugs, and many users weren't very good at patching. But since then, the cat-and-mouse game of Internet security has evolved: Browsers have become more secure, and software makers can quickly and automatically push out patches when there's a known problem.
So increasingly, instead of hacking the browsers themselves, the bad guys try to hack the people using them. It's called social engineering, and it's a big problem these days. "The attackers have figured out that it's not that hard to get users to download Trojans," said Alex Stamos, a founding partner with iSEC Partners, a security consultancy that's often called in to clean up the mess after companies have been hacked.
Social engineering is how the Koobface virus spreads on Facebook. Users get a message from a friend telling them to go and view a video. When they click on the link, they're then told that they need to download some sort of video playing software in order to watch. That software is actually a malicious program.
Social-engineering hackers also try to infect victims by hacking into Web pages and popping up fake antivirus warnings designed to look like messages from the operating system. Download these and you're infected. The criminals also use spam to send Trojans, and they will trick search engines into linking to malicious websites that look like they have interesting stories or video about hot news such as the royal wedding or the death of Osama bin Laden.
"The attackers are very opportunistic, and they latch onto any event that might be used to lure people," said Joshua Talbot, a manager with Symantec Security Response. When Symantec tracked the 50 most common malicious programs last year, it found that 56 percent of all attacks included Trojan horse programs.
In enterprises, a social-engineering technique called spearphishing is a serious problem. In spearphishing, the criminals take the time to figure out who they're attacking, and then they create a specially crafted program or a maliciously encoded document that the victim is likely to want to open -- materials from a conference they've attended or a planning document from an organization that they do business with.

With its new SmartScreen Filter Application Reputation screening, introduced in IE 9, Internet Explorer provides a first line of defense against Trojan horse programs, including Trojans sent in spearphishing attacks.
IE also warns users when they're being tricked into visiting malicious websites, another way that social-engineering hackers can infect computer users. In the past two years, IE's SmartScreen has blocked more than 1.5 billion Web and download attacks, according to Jeb Haber, program manager lead for SmartScreen.
Haber agreed that better browser protection is pushing the criminals into social engineering, especially over the past two years. "You're just seeing an explosion in direct attacks on users with social engineering," he said. "We were really surprised by the volumes. The volumes have been crazy."
When the SmartScreen warning pops up to tell users that they're about to run a potentially harmful program, the odds are between 25 percent and 70 percent that the program will actually be malicious, Haber said. A typical user will only see a couple of these warnings each year, so it's best to take them very seriously.


Zero-Day Vulnerability In Flash Patched By Adobe

Yet another zero-day vulnerability has been found in Adobe Flash Player. Earlier, hackers found a zero-day exploit in Flash Player that could allow an attacker to hijack your webcam remotely; Adobe later patched that. Before releasing Flash Player 11, Adobe issued a new privacy policy and security update, but now it seems those were of little use. The affected versions are Adobe Flash Player 11.1.102.55 and earlier for Windows, Macintosh, Linux and Solaris, Adobe Flash Player 11.1.112.61 and earlier for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier for Android 3.x and 2.x. These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system.
Affected Version:- 
  • Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems
  • Adobe Flash Player 11.1.112.61 and earlier versions for Android 4.x, and Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and 2.x

Later Adobe confirmed that and immediately released a patch to close the security hole. Through this security release Adobe also resolves a universal cross-site scripting vulnerability that could be used to take actions on a user's behalf on any website or webmail provider, if the user visits a malicious website. There are reports that this vulnerability (CVE-2012-0767) is being exploited in the wild in active targeted attacks designed to trick the user into clicking on a malicious link delivered in an email message (Internet Explorer on Windows only). Google's Chrome Web browser, which directly integrates Flash into its software (unlike competing browsers) also received an update to reflect Adobe's patch update. 
Recommendation From Adobe:-
Adobe recommends users of Adobe Flash Player 11.1.102.55 and earlier versions for Windows, Macintosh, Linux and Solaris update to Adobe Flash Player 11.1.102.62. Users of Adobe Flash Player 11.1.112.61 and earlier versions on Android 4.x devices should update to Adobe Flash Player 11.1.115.6. Users of Adobe Flash Player 11.1.111.5 and earlier versions for Android 3.x and earlier versions should update to Flash Player 11.1.111.6. For further details click here.
Earlier in 2011 another Flash Player bug was found in BlackBerry OS and later fixed by the developer, and last year Adobe also closed a serious security hole in Acrobat 9.x and Adobe Reader.




XSS Vulnerability Found By Hitcher on the Official Website of Tom Cruise & Delhi Chamber Of Commerce


Pakistani Hacker Hitcher found non-persistent XSS Vulnerability on the Official Website of Famous Hollywood Actor Tom Cruise and also on the Delhi Chamber Of Commerce website.

Tom Cruise:-

Vulnerable Website:-
 

Vulnerable Link:-


 
Delhi Chamber Of Commerce:-

Vulnerable Website:-

Vulnerable Link:-


Recent Facebook XSS Attacks Show Increasing Sophistication

A few weeks ago, three separate cross-site scripting (XSS) vulnerabilities on Facebook sites were uncovered within a period of about 10 days. At least two of these holes were used to launch viral links or attacks on users – and it’s clear that attacks against Facebook users are becoming increasingly sophisticated.
The first issue came from a page on the mobile version of Facebook's site. The interface was a prompt for posting stories to a user's wall, and the parameter for the text of the prompt did not properly escape output. On March 28, a blogger identifying themselves as "Joy CrazyDaVinci" posted code that demonstrated how the vulnerability could be used to spread viral links:
<iframe id="CrazyDaVinci" style="display:none;"
src="http://m.facebook.com/connect/prompt_feed.php?display=wap&user_message_prompt='<script>window.onload=function(){document.forms[0].message.value='Just visited http://y.ahoo.it/gajeBA Wow.. cool! nice page dude!!!';document.forms[0].submit();}</script>"></iframe>
This bit of HTML would be included in a viral page. The code sets the content of the wall post to a message that includes a link to a viral page, then submits the prompt automatically. Anyone clicking the link would get the same code executed on their account. The viral page could be used for malware distribution or phishing attacks, but in most cases where I saw this trick used, the page simply loaded advertisements or “offer spam”.
By the next day, several links were spreading virally and caught the attention of security researchers. Facebook moved quickly to patch the issue, and Crazy DaVinci issued an apology for the example code, explaining that versions of it had actually been circulating for several days prior and that the demonstration was intended to push Facebook for a fix.
On April 3, another XSS problem came to light, this time with a Facebook “channel” page used for session management. Both another security researcher and I had previously looked at this interface and found it properly escaped, so it’s likely a code update mistakenly changed the page’s behavior. Facebook again patched the problem soon after news of it spread.
I didn’t observe any viral exploitation of the second vulnerability in the wild, but after the first problem came to light, I noted that it was mostly used to submit a form already on the page for posting links. The payload made use of functionality within the vulnerable page, but XSS allows an attacker to do far more. I wondered when we might see a Facebook attack that made greater use of cross-site scripting’s potential.

What a Difference a Space Makes

I didn't have to wait long. On April 7, I got word via Twitter of a Facebook app that had live XSS, but the app had disappeared before I got to see it in action. At first, I thought this was yet another case of XSS within the context of a Facebook app. But I soon found other versions of the app which were still online, and I quickly realized this was actually an XSS problem with the Facebook Platform. Also, the XSS payload being used did much more than submit a form.
The attack used FBML-based Facebook apps, which render in the context of an apps.facebook.com page. Normally, Facebook filters code to prevent any scripts from directly modifying the page’s DOM, but the XSS problem gave attackers a bypass. When a user visited the app page, they would see what appeared to be a fairly benign page with a popular video.
Unlike many Facebook page scams, the promised video actually works – if you click play, the video will load and nothing unusual seems to happen. But as the code screenshot below reveals, that click does much more than load the video.
When the page first loads, the "video" is actually just an image placeholder with a link. Part of the href parameter for that link is shown above. Note the space after the opening quotation mark: that's where the XSS comes in. Normally, Facebook would block a link to a javascript: URL. Adding the space worked around Facebook's filters, but the browser would still execute the rest of the parameter.
According to Facebook, it turned out that some older code was using PHP's built-in parse_url function to determine allowable URLs. For example, while parse_url("javascript:alert(1)") yields a scheme of "javascript" and a path of "alert(1)", adding whitespace gives a different result: parse_url(" javascript:alert(1)") does not return a scheme and has a path of "javascript:alert(1)". Other PHP developers should take note of the difference if parse_url is being used in security-related code.
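As an added illustration of that pitfall (example code written for this post, not Facebook's code or the original author's; the function names are hypothetical), the weak check below mirrors a block-list that trusts whatever scheme parse_url() reports, while the strict check normalizes the string the way a browser would and allows only an explicit list of schemes:

```php
<?php
// Added example: why a parse_url()-based scheme block-list is bypassable
// and what a scheme allow-list with normalization looks like instead.

declare(strict_types=1);

// Weak check, modelled on the behaviour described in the post: block known
// dangerous schemes and allow everything else. When parse_url() finds no
// scheme (as for " javascript:alert(1)"), the link slips through.
function isAllowedHrefWeak(string $href): bool
{
    $parts = parse_url($href);
    if ($parts === false) {
        return false;
    }
    $scheme  = strtolower($parts['scheme'] ?? '');
    $blocked = ['javascript', 'data', 'vbscript'];
    return !in_array($scheme, $blocked, true);
}

// Hardened check: browsers strip leading/trailing whitespace and ignore
// tab/newline characters before and inside the scheme, so normalize
// first, then require an explicitly allow-listed scheme. Anything
// scheme-less or unparseable is rejected rather than assumed harmless.
function isAllowedHrefStrict(string $href): bool
{
    // Trim ASCII whitespace and NUL from both ends (PHP's default set plus \v).
    $normalized = trim($href, " \t\n\r\0\x0B");

    // Any remaining control character means the browser and the filter
    // would disagree about what the URL is, so refuse it outright.
    if (preg_match('/[\x00-\x1F\x7F]/', $normalized) === 1) {
        return false;
    }

    // RFC 3986 scheme: ALPHA *( ALPHA / DIGIT / "+" / "-" / "." ) followed by ":".
    if (preg_match('/^([A-Za-z][A-Za-z0-9+.\-]*):/', $normalized, $m) !== 1) {
        // No scheme at all (relative or malformed). If an application needs
        // relative links it should allow them with a separate explicit rule.
        return false;
    }

    $allowed = ['http', 'https'];
    return in_array(strtolower($m[1]), $allowed, true);
}

// Constructed sample inputs showing where the two checks disagree.
$samples = [
    'https://example.com/video',
    'javascript:alert(1)',
    ' javascript:alert(1)',    // leading space: the bypass from the post
    "java\tscript:alert(1)",   // embedded tab: same class of problem
    'data:text/html,<b>x</b>',
];

foreach ($samples as $href) {
    printf(
        "%-30s weak=%-5s strict=%s\n",
        json_encode($href),
        isAllowedHrefWeak($href) ? 'allow' : 'block',
        isAllowedHrefStrict($href) ? 'allow' : 'block'
    );
}
```

The weak check allows both whitespace variants because parse_url() returns no scheme for them; the strict check blocks everything except the https link.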

A More Advanced Attack

Clicking the link executed an inline script that in turn added a script element to the page. This loaded more code from a remote address and included several parameters in the GET request. The parameters set variables within the remote code that specified what video to load, what URLs to use for viral posts, and so on. Multiple Facebook apps and domains were used for the viral links, but the main script always came from the same host. This helped the attack persist, since blocking one site would not stop it and the central code was loaded dynamically.
The remote code handled actually loading the video, but also included a number of functions which make use of having script access in a facebook.com context. The script would set the user as attending spam events, invite friends to those events, “like” a viral link, and even send IMs to friends using Facebook Chat.
When I came across the attack, one block of code had been commented out, but one blogger discovered a version of the attack a few days prior and saw it in action. This part loaded a fake login form which actually sent the entered username and password to a log interface on the attacker's server. (Remember, this phishing form would appear in the context of a page with typical Facebook chrome.) Since the attack page would load even if a user was not logged in to Facebook, this could have also been a way to make sure a session was available before launching the other functions.
Fake videos and viral links are nothing new on Facebook, but most of these scams tend to be fairly simple. In fact, it’s not hard to find forums where people offer boilerplate code for launching such schemes – much like the first XSS worm above which simply submitted a form. But the April XSS attack involved multiple domains, multiple user accounts, and multiple methods for spreading and hijacking user accounts. And it still only scratched the surface of what’s possible with an XSS vulnerability. I expect we’ll see more XSS-based attacks and more powerful payloads in the future.

Postscript on Real-Time Research

I came across the April attack late one afternoon as I was preparing to leave work… so I could present on XSS at a local OWASP meeting! Those following me on Twitter saw a somewhat frantic stream of tweets as I tried to find live examples of the attack and sorted through the code while closely watching the clock and wrapping up last-minute presentation details. Earlier this week, I did some searching to review information for this post, and I came across this article from eWEEK: “Facebook Bully Video Actually an XSS Exploit“.
I was a bit surprised by it, as I hadn’t known about it before and saw that it quoted me. I then realized it was quoting my tweets! I then read that I had “confirmed to eWEEK on Twitter” one aspect of the story. At first I was confused, but then remembered that during my flood of tweeting, another user had sent an @ reply asking about the very detail the story talked about. Checking that tweet again, I found out the question had come from the article’s author.
I relate all this not because any of it bothered me, but simply because (1) I found it somewhat fascinating that a few quick Twitter updates could become the primary source for a news article and (2) I was humbled to realize that a few quick Twitter updates could become the primary source for a news article! While it's great that a story can spread so fast, it certainly gave me a reminder to be careful when discussing topics of interest on a public forum. But I'm glad I can do my part in helping raise awareness of online dangers, particularly the implications of XSS.
