Showing posts with label Malware. Show all posts
Showing posts with label Malware. Show all posts

TeamSpeak Official Forum Hacked! Redirecting Users Into Malicious DotCache Exploit Kit

Posted by Avik Sarkar On 12/05/2013 02:35:00 am

TeamSpeak Official Forum Hacked! Infecting Users By Malicious DotCache Exploit Kit
A serious security breach has compromised official forum of TeamSpeak, according to sources hackers have gained access inside the server and injected malicious script into the landing page of TeamSpeak official forum. Expert malware analyzer have figured out that the attack was thoroughly planned in order to infect millions of users while redirecting them to a DotCache exploit kit landing page as illustrated below 
TeamSpeak is a very famous Brazilian company who offers (VoIP) software that allows computer users to speak on a chat channel with fellow computer users, much like a telephone conference call. Users use the TeamSpeak client software to connect to a TeamSpeak server of their choice, from there they can join chat channels and enjoy the excellent VoIP service. Mostly it is used by millions of gamers across the globe. 
Basically we can consider TeamSpeak is a high value target, so did the hacker. Researchers said that the exploit kit landing page is hosted on atvisti.ro, a forum for ATV enthusiasts that's also been compromised. In a statement well known malware analyst & security researcher Jerome Segura said- if the Java exploit succeeds the final payload is loaded. In this particular example, the payload was the Zero Access Trojan which an Anti-Malware from Malwarebytes detects as Rootkit.0Access. The matter of a bit relief is that the malware has not yet been spotted in the wild. According to a statistic by Virus Total, only 7 of 46 leading antivirus can detect this type of malware. Exactly like TeamSpeak, a few days earlier Kahu Security researchers uncovered a similar compromise on the forum for the Nissan Pathfinder Off Road Association (NPORA) in both cases, JJEncode was used to obfuscate the malicious script. To avoid further infection, TeamSpeak forum has already been informed, an as expected they have over come this issue. For detail analysis of the above said malware you can visit official blog post of Malwarebytes



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites

Posted by Avik Sarkar On 5/05/2013 03:11:00 pm

Linux/Cdorked.A: One of The Most Sophisticated Apache Backdoor Targets Millions of Websites to Serve Blackhole Exploit

ESET one of the world renowned security firm headquartered in Bratislava have figured out what it called a malicious cyber rampage targeting millions of cPanel-based servers. Since last few months security experts have been tracking server level compromises that have been utilizing malicious Apache modules to inject malware into websites and  redirecting some of its requests to the infamous Blackhole Exploit packs. On cPanel-based servers, instead of adding modules or modifying the Apache configuration, the attackers started to replace the Apache binary (httpd) with a malicious one. This new backdoor is very sophisticated and this new malware has been dubbed "Linux/Cdorked.A." Several analysis reveals that it is a sophisticated and stealthy backdoor meant to drive traffic to malicious websites. According to the official blog post of ESET - Linux/Cdorked.A is one of the most sophisticated Apache backdoor's we have seen so far. The backdoor leaves no traces of compromised hosts on the hard drive other than its modified httpd binary, thereby complicating forensics analysis. All of the information related to the backdoor is stored in shared memory. The configuration is pushed by the attacker through obfuscated HTTP requests that aren't logged in normal Apache logs. This means that no command and control information is stored anywhere on the system.
This malicious cyber rampage was first detected by another security firm named 'Sucuri' and later ESET published a detailed analysis of the issue. But still there are thoughtful matter as already thousands of websites get infected. The attack is particularly dangerous as Apache web servers are among the most well-known and widely-used in the world and are used by numerous companies. This means that a successful security breach can affect numerous different businesses across a diverse range of industries.
As this malware also known as Linux/Cdorked.A has already been spotted in the wild, so on behalf of cyber media, we urge all the concern system administrator, security analyst to take care of the above issue while to checking their servers and verify that they are not affected by this threat. Detailed instructions to perform this check are provided in the ESET blog.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

NBC.com Compromised, Hackers Exploited The Website to Spread Malware

Posted by Avik Sarkar On 2/25/2013 02:07:00 pm

NBC.com Compromised, Hackers Exploited The Website to Spread Malware

The month of February is still going from bad to worse for the cyber domain, in this very month cyber criminals swallowed the security system of many giant companies like Facebook, Twitter, Apple, New York Times and many more. But the game is not over yet, as we have just passed a few weeks, when the attack on NY Times took place, which stolen the employ database; yet again the cyber criminals have targeted another media giant National Broadcasting Company widely known as NBC. During the attack, hackers have successfully gain access inside the server of NBC and planted malware, in order to harm innocent readers. Famous security expert and blogger Brian Krebs said that the hackers inserted code into the NBC.com homepage. This caused visiting browsers to load pages from third-party sites that were compromised. While explaining the nature of the attacker, Krebs said; "The compromised sites tried to foist the Citadel Trojan, a variant of the Zeus Trojan." The Zeus is a "sophisticated data theft tool that steals passwords and allows attackers to control machines remotely" he added. Not only the NBC’s home page, also several others were affected, including the pages of late night talk show hosts Jay Leno and Jimmy Fallon. Well known security firm Sophos explained how roughly attack played out, and how NBC got sucked into the equation:
  • NBC's hacked pages were altered to add some malicious JavaScript that ran in your browser.
  • The JavaScript injected an additional HTML component known as an IFRAME (inline frame) into the web page.
  • The IFRAME sucked in further malicious content from websites infected with an exploit kit known as RedKit.
  • The exploit kit delivered one of two exploit files to try to take control over your browser via a Java vulnerability or a PDF bug.
  • If the exploit worked on your computer, financially-related crimeware from the Citadel or ZeroAccess families was installed.
This, of course, is an example of a dreaded drive-by download, where the crooks use a cascade of tricks to download, install and execute software without going through any of the warnings or confirmation dialog you might expect. This, in turn, means that even if you are a careful and well-informed user, you may end up in trouble, since there are no obvious signs that you are doing anything risky, or even unexpected.
As soon as this story get spotted the American commercial broadcasting television network, NBC News reported and confirmed that its site had been attacked. The broadcaster released the following statement regarding the website: "We've identified the problem and are working to resolve it. No user information has been compromised."
The emergency response team immediately take the situation under control and restored the website, and confirmed that the site is back again and completely safe for its visitors. But so far there is no evidence of attackers who were involved in this attack. For the safety of VOGH readers we would like to recommend you to update your operating systems and browser plugins. Also note that the attack on NBC was similar to many that have occurred in recent years in that the malicious sites tried to exploit vulnerabilities in Java. So it will better to disable Java, unless it is that much necessary. So stay tuned with VOGH and be safe in the cyber domain. 






SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

3 Russian Cyber Criminal Who Was The Master Mind of Banking Trojan 'Gozi' Charged in New York

Posted by Avik Sarkar On 2/01/2013 08:53:00 pm

3 Russian Cyber Criminal Who Was The Master Mind of Banking Trojan 'Gozi' Charged in New York 

Yet again another serious issue of cyber crime get resolved when the FBI tracked and figured out the master mind of infamous 'Gozi banking Trojan' which effected more than millions of system world wide, including a handful at NASA, leading to tens of millions of dollars in lost banking funds and damages to computer systems and networks. Three alleged international cyber criminals from Russia, responsible for creating and distributing 'Gozi' that infected over one million computers and caused tens of millions of dollars in losses charged in Manhattan Federal Court. Mihai Ionut Paunescu aged 28, a Romanian, Deniss Calovskis, 27, a Latvian, and Nikita Vladimirovich Kuzmin, 25, of the Russian Federation, are charged with computer intrusion, conspiracy to commit bank and wire fraud and access device fraud. Federal authorities said the three were arrested last week; Kuzmin is being held in New York, while Paunescu is in custody in Romania and Calovskis in Latvia. 
According to the press release of FBI -Deniss Calovskis, a/k/a “Miami,” a Latvian national who allegedly wrote some of the computer code that made the Gozi virus so effective, was arrested in Latvia in November 2012. Mihai Ionut Paunescu, a/k/a “Virus,” a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan, and other notorious malware and to conduct other sophisticated cyber crimes, was arrested in Romania in December 2012. 

The cases are being handled by the Complex Frauds Unit of the United States Attorney’s Office. Assistant United States Attorneys Sarah Lai, Nicole Friedlander, and Thomas G.A. Brown, along with Trial Attorney Carol Sipperly of the Computer Crime and Intellectual Property Section of the Department of Justice on the Paunescu case, are in charge of the prosecution. The charges contained in the Indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

DefendantAge and ResidenceChargesMaximum Penalty
Nikita Kuzmin25; Moscow, RussiaConspiracy to commit bank fraud; bank fraud; conspiracy to commit access device fraud; access device fraud; conspiracy to commit computer intrusion; computer intrusion95 years in prison
Deniss Calovskis27; Riga, LatviaConspiracy to commit bank fraud; conspiracy to commit access device fraud; conspiracy to commit computer intrusion; conspiracy to commit wire fraud; conspiracy to commit aggravated identity theft67 years in prison
Mihai Ionut Paunescu28; Bucharest, RomaniaConspiracy to commit computer intrusion; conspiracy to commit bank fraud; conspiracy to commit wire fraud60 years in prison


Brief About Gozi:-
The Gozi virus is malicious computer code, or “malware,” that steals personal bank account information, including usernames and passwords, from the users of affected computers. It was named by private sector information security experts in the U.S. who, in 2007, discovered that previously unrecognized malware was stealing personal bank account information from computers across Europe on a vast scale, while remaining virtually undetectable in the computers it infected. To date, the Gozi virus has infected over one million victim computers worldwide, among them at least 40,000 computers in the U.S., including computers belonging to the National Aeronautics and Space Administration (NASA), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and elsewhere, and it has caused tens of millions of dollars in losses to the individuals, businesses, and government entities whose computers were infected.

The Gozi virus was distributed to victims’ computers in several different ways. In one method, the virus was disguised as an apparently benign .pdf document which, when opened, secretly installed the Gozi virus on the victim’s computer. Once installed, the Gozi virus—which was intentionally designed to be undetectable by anti-virus software—collected data from the infected computer in order to capture personal bank account information including usernames and passwords. That data was then transmitted to various computer servers controlled by the cyber criminals who used the Gozi virus. These cyber criminals then used the personal bank account information to transfer funds out of the victims’ bank accounts and ultimately into their own personal possession.


For Detailed Information Click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

American Farm Bureau Federation (AFBF) Official Site Hacked & Infected With Malware

Posted by Avik Sarkar On 1/01/2013 03:47:00 pm

American Farm Bureau Federation (AFBF) Official Site Hacked & Infected With Malware 

The official website of American Farm Bureau have been fallen victim to cyber criminals. If you try to visit the farm Bureau site we have to face a malware warning as shown in the picture below.. 
According to sources some unnamed hacker managed to breach the server of Farm Bureau and infected that with malware. So far the reason of this cyber attack is unknown, but according to sources the American Farm Bureau Federation  (AFBF) authority did not released any press statement or neither commented about the breach. The attack took place in the night of first January, but still the index page of the site is showing virus warning. The last update is saying that the AFBF cyber team is restoring the server. 

Brief about AFBF:- The American Farm Bureau Federation (AFBF), commonly referred to as the Farm Bureau, is a nonprofit organization and the largest general farm organization in the United States. The stated mission of AFBF is "working through our grassroots organizations to enhance and strengthen the lives of rural Americans and to build strong, prosperous agricultural communities." AFBF is headquartered in Washington, DC. There are 50 state Farm Bureau affiliates and one in Puerto Rico.




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Posted by Avik Sarkar On 12/05/2012 07:33:00 pm

'Dockster' A New Mac Malware Targeting Apple Users Found on Dalai Lama Related Website

Researcher at F-Secure blog has identified that A new piece of malicious software targeted at Apple users has been found on a website dedicated to the Dalai Lama. According to blog post by F-Secure -the website related to Dalai Lama is fully compromised and is pushing new Mac malware, called Dockster, using a Java-based exploit. Dockster tries to infect computers by exploiting a vulnerability in Java, CVE-2012-0507. The vulnerability is the same one used by the Flashback malware, which first appeared around September 2011 and infected as many as 600,000 computers via a drive-by download. Flashback was used to fraudulently click on advertisements in order to generate illicit revenue in a type of scam known as click fraud. Apple patched the vulnerability in Java in early April and then undertook a series of steps to remove the frequently targeted application from Macs. Apple stopped bundling Java in the 10.7 version of its Lion operation system, which continued with the company's Mountain Lion release. In October, Apple removed older Java browser plug-ins in a software update.
But still the matter of relief is that current versions of OS X are not vulnerable; users who have disabled the Java browser plug-in are also not vulnerable. F-Secure researcher Sean Sullivan said Dockster is “a basic backdoor with file download and keylogger capabilities.” Meanwhile F-Secure’s Sullivan, also said that the Dalai Lama’s site is also serving a Windows-based exploit for CVE-2012-4681, the Agent.AXMO Trojan. The Trojan exploits a Java vulnerability that allows remote code execution using a malicious applet that is capable of bypassing the Java SecurityManager. 

Please Note That: The gyalwarinpoche.com site doesn't seem to be as "official" as dalailama.com

While talking about Mac malware, then you must remember that earlier also Mac users faced such attacks when mac Trojan OSX.SabPub was spreading through Java exploits In 2011 we have also seen OSX/Revir-B trojan was installed behind a PDF, and giving hackers remote access to MAC computers, not only Revier-B also Linux Tsunami trojan Called "Kaiten"targeted Mac OS users in 2011. Also another malware named "Devil Robber" which was also make MAC users victim while stealing their personal information. In the very decent past we have seen a trojan named 'BackDoor.Wirenet.1'  apparently providing its masters with a backdoor into infected systems. It is also capable of stealing passwords stored in browsers like ChromeChromium,Firefox and Opera. For any kind of cyber updates and infose news, stay tuned with VOGH.





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users

Posted by Avik Sarkar On 11/27/2012 12:33:00 am

Ransomware Found on Hacked GoDaddy Sites, Infecting Thousand of Users 

Users who have their websites hosted by GoDaddy again fallen victim of cyber attack. Researcher at ShopsLabs reported that cyber criminals have managed to hack the DNS records of GoDaddy hosted websites and thus they infected a large number of GoDaddy users with ransomwareFraser Howard, a Principal Virus Researcher of SophosLabs stated that the hackers behind these attacks are “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.” By doing so, the criminals are able to set-up URLs that seem legitimate, potentially sneaking through security filtering systems and duping Internet surfers into believing they are harmless, he explained in a Friday blog entry. In some instances, multiple subdomains were added to each user’s account, with each of them redirecting viewers to at least one malicious IP address.  
Go Daddy customers who wish to check they have not been affected by these attacks should check their DNS configuration according to the Go Daddy support page. 

As soon as the attack has been spotted in the wild, GoDaddy released a statement included below :-

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.
We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.
Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at http://support.godaddy.com/help/article/7502/enabling-twostep-authentication.
If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support. "
While talking about GoDaddy and cyber attack, then we would like to remind you that, this may not have been the first hacking attempt against Go Daddy this fall. Couple of months ago, a hacker from Anonymous claimed to have taken down the domain registry and web hosting company. However, one day after the attack, Go Daddy denied they had been targeted by cyber criminals. Last year in September several GoDaddy sites were compromised, there also the reason was a malware




SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

USA Accused For Planting "Flame" Malware to Hack France President's Network

Posted by Avik Sarkar On 11/23/2012 07:08:00 pm

USA Accused For Planting "Flame" Malware to Hack France President's Network

A well known French newspaper named "L'Express" has accused that United States is using dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace also known as the Elysee. In his report L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers reportedly found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” Though the secretary  of Department of Homeland Security Janet Napolitano did not deny the U.S. was involved. She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

While talking about Flame, we would like to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 


-Source (NS & threatpost)







SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

McAfee Reveals Emma Watson as 2012’s Most Dangerous Cyber Celebrity & For India its Sunny Leone

Posted by Avik Sarkar On 11/09/2012 04:30:00 am

McAfee Reveals Emma Watson as 2012’s Most Dangerous Cyber Celebrity & For India its Sunny Leone

In a research security software company McAfee figure out Sunny Leone as the most dangerous celebrity in the Indian cyber space for this year, followed by Katrina Kaif and Kareena Kapoor. For the sixth year in a row, McAfee researched popular culture’s most famous people to reveal riskiest celebrity sportsmen, actors and politicians across the Web to reveal the 2012 rendition of ‘Most Dangerous Celebrity’ research. In the India ranking this year, Sunny Leone displaced Katrina Kaif, who owned this title in the 2011 edition of this annual research. Lubna Markar, Sr. Marketing Manager India and South Asia, McAfee, said, “Cyber criminals continue to leverage top celebrities to lure people to websites with malicious software. This year too, we saw cyber crooks leveraging Bollywood stars whereby the maximum number of malicious software laden sites pertained to Sunny Leone. This testifies her top position as the most dangerous celebrity in Indian cyberspace in 2012.” 
The study for ‘Most Dangerous Celebrity’ used the McAfee SiteAdvisor site rating which indicates the sites that are risky to search for celebrity names on the Web and calculate an overall risk percentage. The top 10 celebrities in India from this year’s study with the highest risk percentages are: 

  1. Sunny Leone: This sexy Canadian model/actress who made headlines with her presence in the celebrity reality show BigBoss, ranks first with 9.95% chances of luring people into clicking on malicious links.
  2. Katrina Kaif: India’s ‘chikni chameli’ was the most dangerous Indian celebrity of 2011, but has slipped down to the 2nd position this year with a risk percentile of 8.25%.
  3. Kareena Kapoor: The 3rd Most Dangerous Celebrity and winner of six film fare awards has a 6.67% possibility of making users fall into a trap of malware laden Web sites.
  4. Priyanka Chopra: This former Miss World who has been the reigning queen of Bollywood occupies the 4th position on the Most Dangerous Celebrities list with a risk percentile of 6.5%.
  5. Bipasha Basu: With Raaz 3, this Bengali bombshell has moved up the ranking from 8th in 2011 to the 5th position in 2012. She has a 5.58% percentile of leading users to a malicious site.
  6. Vidya Balan: After her ‘Dirty Picture’, Vidya Balan has a 5.33 % chance of leading users to malicious sites. The versatile Indian actress has marked her presence even in the cyber space.
  7. Deepika Padukone: This sultry actress of ‘Cocktail’ fame, was the 2nd most dangerous celebrity in the year 2011, but has plummeted to 7th position this year, with a 4.92% chance of being led to a malicious Web site.
  8. Salman Khan: One of the most sought after stars in Bollywood, Salman Khan has redefined the trends of the Hindi film industry with his roles in movies such as Dabangg and Ek Tha Tiger. With a risk percentile of 4.83%, he is on the eighth position in our Most Dangerous Celebrities ranking.
  9. Aishwarya Rai Bachchan: Touted as ‘the most beautiful woman in the world’, Aishwarya Rai Bachchan, is the ninth most dangerous celebrity in India with a risk percentile of 4.58%.
  10. Poonam Pandey: The Kingfisher calendar girl who was also amongst the top 8 contestants in ‘Gladrags 2010′, has a risk percentile of 4.25% and is the tenth most dangerous celebrity.


If you go thorugh the report of McAfee's 2012’s Most Dangerous Cyber Celebrity then you will come to know that Emma Watson has replaced Heidi Klum as McAfee's 2012 most dangerous celebrity to search for online. For the sixth times in a row, McAfee researched popular culture’s most famous people to reveal the riskiest Hollywood actors, athletes, musicians, politicians, designers, and comedians on the Web.  The McAfee Most Dangerous Celebrities™ study found that women are more dangerous than men with Jessica Biel taking the number two spot and Eva Mendes coming in third. Latina women have proven that they are on fire and make up five of the top ten spots. After Mendes, Selena Gomez, Shakira and Salma Hayek take the fourth, seventh and ninth spot and Sofia Vergara rounds out the top 10 list. Funnyman Jimmy Kimmel is the only male to make the top 20 list this year. 

The top 10 celebrities from this year’s study with the highest percentages of risk are:-

  1. Emma Watson – Best known for her role as Hermione Granger in the “Harry Potter” franchise, the British actress tops the list as the 2012 Most Dangerous Celebrity. Watson continues to star in feature films including “My Week with Marilyn” and “The Perks of Being a Wallflower” and is an ambassador for Lancôme.
  2. Jessica Biel – The 2009 Most Dangerous Celebrity rose two spots this year from coming in at number 4 in 2011. Biel continues to be in the spotlight with fiancée Justin Timberlake and her role in 2012’s “Total Recall.”
  3. Eva Mendes – A new addition to the list,Mendes has starred in films including “2 Fast 2 Furious” and “Hitch.” She is currently in the news for her fling with Ryan Gosling.
  4. Selena Gomez – The tween musician and actress is best known for her role as Alex Russo on Disney’s “Wizards of Waverly Place” and for dating teen heartthrob Justin Bieber. She has been cast in the upcoming film “Parental Guidance Suggested” and was recently named one of Forbes’ Top 10 Best Social Media Superstars.
  5. Halle Berry – The Academy Award winning actress is famous for her stand out roles in action and horror films including “Catwoman” and “Gothika”. Berry is in the spotlight for her custody battle with baby daddy Gabriel Aubry.
  6. Megan Fox – The sexy actress rose 9 spots compared to her number 15 spot last year. She is currently in the news for her pregnancy with husband Brian Austin Green and will be seen in the upcoming film “This is 40”.
  7. Shakira – The belly-dancing singer/songwriter best known for her songs “Hips Don’t Lie” and “Whenever, Wherever” comes in at number 7. She was recently named one of Forbes’ World’s Most Powerful Women and was ranked number 6 on Forbes’ Top 10 Best Social Media Superstars.
  8. Cameron Diaz – 2010’s Most Dangerous Celebrity fell to eighth place, with searches resulting in slightly fewer risky sites this year. She was most recently in the spotlight for allegedly dating Alex Rodriguez. She is rumored to star in “Expendables 3.”
  9. Salma Hayek – The actress, producer and director received an Academy Award for her role as Frida Kahlo in “Frida” and recently starred in “Savages.” She is currently in the news for her controversial remarks about her Mexican heritage in a Vogue interview. She is married to billionaire François-Henri Pinault.
  10. Sofia Vergara – The Columbian actress and model best known for her comedic role as Gloria Delgado-Pritchett on ABC’s Emmy Award winning “Modern Family” rounds out the top 10 list. She also starred in the “The Three Stooges” film this year and was recently named one of Forbes’ World’s Most Powerful Women and highest paid TV actress. She recently announced her engagement to businessman Nick Loeb.



For more information about this topic click Here


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Posted by Avik Sarkar On 11/04/2012 04:52:00 am

VUPEN Researchers Said: They Have First Zero-Day Exploit for Windows 8 & Internet Explorer 10

Everyday the users of Microsoft newly launched and so far most advanced windows operating system, I mean Windows 8 are increasing. But we have to keep in mind the security threats are also increasing in parallel. Recently well known French IT security firm Vupen, also known as controversial bug hunters and exploit sellers claimed to have Zero-day exploit of Windows 8. Experts at Vupen Security took credit of cracking the low-level security enhancements featured in Windows 8, Microsoft's latest operating system. According a tweet made by the official account of Vupen Security said it already has a Windows 8 exploit on offer. "Our first 0day for Win8+IE10 with HiASLR/AntiROP/DEP & Prot Mode sandbox bypass (Flash not needed) is ready for customers. Welcome #Windows8" 
Apparently, the exploit combines several unpatched (0-day) security holes in the new version of Windows and the bundled Internet Explorer 10 browser to inject malicious code into systems via specially crafted web pages. Also VUPEN CEO and head of research Chaouki Bekrar sent out a pair of ominous Tweets yesterday claiming to have developed the first zero-day exploit for Windows 8 and Internet Explorer 10, both released Oct. 26. Bekrar hints the exploit is a sandbox bypass for IE10 with ASLR, DEP and anti-ROP mitigations enabled. “We welcome #Windows8 with various 0Ds combined to pwn all new Win8/IE10 exploit mitigations,” Bekrar wrote. 

The exploit allegedly bypasses all of Windows 8's malware protection features: for example the Address Space Layout Randomization (ASLR) function that Microsoft has extended in the current edition of Windows to cover more system areas and offer improved randomisation. Vupen claims that the exploit also bypasses the Data Execution Prevention (DEP) and ROP features as well as Internet Explorer's sandbox-like Protected Mode. A patch for the exploited holes may not become available in the foreseeable future: Vupen said that it discovered the vulnerabilities itself and doesn't plan to disclose them to Microsoft. The company is only offering its exploit to its paying customers, among them government investigation authorities. Should Microsoft close the holes, the elaborate exploit would significantly decrease in value.



-Source (The-H & threatpost)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

SOPA Returns! Not From Congress But As a Ransomware Virus

Posted by Avik Sarkar On 10/20/2012 12:07:00 pm

SOPA Returns! Not From Congress But As a Ransomware Virus

Last month in a report we said, that "SOPA & PIPA are dead, they're not coming back". Former Senate Christopher Dodd, now chairman of the Motion Picture Association of America, said the Stop Online Piracy Act and Protect IP Act aren’t going to be floated again in Congress. Now it seems that he was not fully right as The Stop Online Piracy ACT also known as SOPA the most controversial act which terrified almost every people, who is associated with Internet still chasing us, though the bill was defeated after massive protest; still  SOPA is not leaving us. I know its a tragic news, but do't be panic, this time its not the comeback of SOPA act from Congress but as a nasty cryptovirus that locks up people’s computers and accuses them of distributing copyright infringing files. Infected users can get their data back after a payment of $200 – at least, that’s what the virus makers promise. Several researcher have figure out and warning that new ransomware that claims to be an alert from the "Stop Online Piracy Automatic Protection System." It goes on to tell you that your computer is on a "S.O.P.A. IP Black List" because it was used to download copyright infringing materials, child pornography or illegal software. The malware encrypts all of your data files and holds them hostage, offering to decrypt them if you pay a fee to the criminals. According to report by Torrent Freakthe SOPA virus holds all files on the host computer ransom.
“Your computer is locked!” the splash screen above warns, adding:
If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List. One or more of the following items were made from your PC:
1. Downloading or distributing audio or video files protected by Copyright Law.

2. Downloading or distributing illegal content (child porn, phishing software, etc.)
3. Downloading or distributing Software protected by Copyright Law.

As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.
The SOPA virus is so-called ransomware, meaning that it holds computers hostage and only promises to free data after victims hand over cash. In the U.S. and Canada people are instructed to pay with a MoneyPak prepaid voucher, and in other parts of the world they can use Western Union. Those who don’t pay within three days are in trouble, the virus maker warns. “WARNING!!!: If you don’t pay the fine within 72 HOURS at the amount of 200 USD, all your computer data will be erased.”
People who are affected should of course ignore all the above. Searching online for “Stop Online Piracy Automatic Protection System Removal”” is a better option, there are plenty of ways to defeat the resurrected SOPA and get your data back.



SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware

Posted by Avik Sarkar On 9/29/2012 02:33:00 am

Hackers Breached Adobe Server in Order to Compromise Certificate to Sign malware

Few advanced hackers have managed to break into an internal server at Adobe to compromise a digital certificate that allowed them to create at least two files that appear to be legitimately signed by the software maker, but actually contain malware. This security breach took place on Thursday and the software giant Adobe confirmed that the attackers signed at least two malicious utility programs with the valid Adobe certificate. The company traced the problem to a compromised build server that had the ability to get code approved from the company’s code-signing system. As a result of the breach, which appears to date back to early July, Adobe on Oct. 4 expects to revoke the compromised certificate that was used to sign the malicious files. According to Brad Arkin, senior director of product security and privacy for Adobe “This only affects the Adobe software signed with the impacted certificate that runs on the Windows platform and three Adobe AIR applications that run on both Windows and Macintosh,” 

Arkin wrote. “The revocation does not impact any other Adobe software for Macintosh or other platforms.” The company uncovered the breach after coming across two malicious "utilities" that appeared to be digitally signed with a valid Adobe cert. It is unclear how or whether those files were used in the wild to target anyone. "Sophisticated threat actors use malicious utilities like the signed samples during highly targeted attacks for privilege escalation and lateral movement within an environment following an initial machine compromise," Arkin wrote

In another blog posted by Arkin, he said that, generally speaking, most Adobe users won't be affected"Is your Adobe software vulnerable because of this issue?" he wrote. "No". This issue has no impact on the security of your genuine Adobe software. Are there other security risks to you? We have strong reason to believe that this issue does not present a general security risk. The evidence we have seen has been limited to a single isolated discovery of two malicious utilities signed using the certificate and indicates that the certificate was not used to sign widespread malware."
The "build" server that was compromised was not configured according to Adobe's corporate standards, but that shortfall wasn't caught during the provisioning process, Arkin said. He added that the affected server did not provide the adversaries with access to any source code for other products, such as the popular Flash Player and Adobe Reader and Acrobat software. 
Here we would like to give you reminder that in the last few months we have been a slew of attacks against the following sites: Guild Wars 2GamigoBlizzardYahooLinkedIneHarmonyFormspringAndroid ForumsGamigo,  Nvidia,Blizzard and  Philips. And after this breach Adobe also enlisted its name among those who was fallen victim to cyber criminals in this year. For all the latest on cyber security and hacking related stories; stay tuned with VOGH

UPDATE: Recently we got an update, where Adobe denies the breach. In their later press release an Adobe spokeswoman said the certificate was not actually stolen: "Adobe has stringent security measures in place to protect its code signing infrastructure. The private keys associated with the Adobe code signing certificates were stored in Hardware Security Modules (HSMs) kept in physically secure facilities. We confirmed that the private key associated with the Adobe code signing certificate was not extracted from the HSM."


-Source (Adobe, SC Magazine, WIRED)





SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Posted by Avik Sarkar On 9/20/2012 05:40:00 pm

Three Secrets & Full Analysis of Flame's Command & Control Servers Unraveled

Flame the next generation cyber weapon which is also known as 'The Super Spy' has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss-Army knife of cyber-spying. Recently security firm Kaspersky lab has published a new report on the sophisticated nation-state sponsored Flame cyber-espionage campaign. During the research, conducted by Kaspersky Lab in partnership with International Telecommunication Union’s cybersecurity executing arm - IMPACT, CERT-Bund/BSI and Symantec, a number of Command and Control (C&C) servers used by Flame’s creators were analyzed in detail. The analysis revealed new, groundbreaking facts about Flame. Particularly, traces of three yet undiscovered malicious programs were found, and it was discovered that the development of the Flame platform dates back to 2006.

Main findings:
  • The development of Flame’s Command and Control platform started as early as December 2006.
  • The C&C servers were disguised to look like a common Content Management System, to hide the true nature of the project from hosting providers or random investigations.
  • The servers were able to receive data from infected machines using four different protocols; only one of them servicing computers attacked with Flame.
  • The existence of three additional protocols not used by Flame provides proof that at least three other Flame-related malicious programs were created; their nature is currently unknown.
  • One of these Flame-related unknown malicious objects is currently operating in the wild.
  • There were signs that the C&C platform was still under development; one communication scheme named “Red Protocol” is mentioned but not yet implemented.
  • There is no sign that the Flame C&Cs were used to control other known malware such as Stuxnet or Gauss.
The Flame cyber-espionage campaign was originally discovered in May 2012 by Kaspersky Lab during an investigation initiated by the International Communication Union. Following this discovery, ITU-IMPACT acted swiftly to issue an alert to its 144 member nations accompanied with the appropriate remediation and cleaning procedures. The complexity of the code and confirmed links to developers of Stuxnet all point to the fact that Flame is yet another example of a sophisticated nation-state sponsored cyber operation. Originally it was estimated that Flame started operations in 2010, but the first analysis of its Command and Control infrastructure (covered by at least 80 known domains names) shifted this date two years earlier.
The findings in this particular investigation are based on the analysis of the content retrieved from several C&C servers used by Flame. This information was recovered despite the fact that Flame’s control infrastructure went offline immediately after Kaspersky Lab disclosed the existence of malware. All servers were running the 64-bit version of the Debian operating system, virtualized using OpenVZ containers. Most of the servers’ code was written in the PHP programming language. Flame’s creators used certain measures to make the C&C server look like an ordinary Content Management System, in order to avoid attention from the hosting provider.
Sophisticated encryption methods were utilized so that no one, but the attackers, could obtain the data uploaded from infected machines. The analysis of the scripts used to handle data transmissions to the victims revealed four communication protocols, and only one of them was compatible with Flame. It means that at least three other types of malware used these Command and Control servers. There is enough evidence to prove that at least one Flame-related malware is operating in the wild. These unknown malicious programs are yet to be discovered.
Another important result of the analysis is that the development of the Flame C&C platform started as early as December 2006. There are signs that the platform is still in the process of development, since a new, yet not implemented protocol called the “Red Protocol” was found on the servers. The latest modification of the servers’ code was made on May 18, 2012 by one of the programmers.
“It was problematic for us to estimate the amount of data stolen by Flame, even after the analysis of its Command and Control servers. Flame’s creators are good at covering their tracks. But one mistake of the attackers helped us to discover more data that one server was intended to keep. Based on this we can see that more than five gigabytes of data was uploaded to this particular server a week, from more than 5,000 infected machines. This is certainly an example of cyber espionage conducted on a massive scale,” commented Alexander Gostev, Chief Security Expert, Kaspersky Lab. 
Here we want to remind you that after the episode of 'Duqu'; In the middle of this year The Iranian Computer Emergency Response Team (MAHER) claims to have discovered a new targeted Stuxnet attacking the country's internal system. This newly found Stuxnet have been dubbed Flame (also known as Flamer or Skywiper). Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS), Windows Update (WU) has been infected by Flame malware. Also in many fields, the name of 'Flame' was on the high node. 
For detailed analysis on Flame's command and control (C&C) servers click Here

-Source (Kaspersky)


SHARE OUR NEWS DIRECTLY ON SOCIAL NETWORKS:-

Related Posts Plugin for WordPress, Blogger...

Site search