
3 Russian Cyber Criminals Who Were the Masterminds of Banking Trojan 'Gozi' Charged in New York


Another serious cyber crime case has been resolved: the FBI tracked down and identified the alleged masterminds of the infamous 'Gozi' banking Trojan, which affected more than a million systems worldwide, including a handful at NASA, leading to tens of millions of dollars in lost banking funds and damage to computer systems and networks. Three alleged international cyber criminals from Russia, responsible for creating and distributing 'Gozi', which infected over one million computers and caused tens of millions of dollars in losses, have been charged in Manhattan Federal Court. Mihai Ionut Paunescu, aged 28, a Romanian; Deniss Calovskis, 27, a Latvian; and Nikita Vladimirovich Kuzmin, 25, of the Russian Federation, are charged with computer intrusion, conspiracy to commit bank and wire fraud, and access device fraud. Federal authorities said the three were arrested last week; Kuzmin is being held in New York, while Paunescu is in custody in Romania and Calovskis in Latvia.
According to the FBI press release, Deniss Calovskis, a/k/a “Miami,” a Latvian national who allegedly wrote some of the computer code that made the Gozi virus so effective, was arrested in Latvia in November 2012. Mihai Ionut Paunescu, a/k/a “Virus,” a Romanian national who allegedly ran a “bulletproof hosting” service that enabled cyber criminals to distribute the Gozi virus, the Zeus trojan, and other notorious malware and to conduct other sophisticated cyber crimes, was arrested in Romania in December 2012.

The cases are being handled by the Complex Frauds Unit of the United States Attorney’s Office. Assistant United States Attorneys Sarah Lai, Nicole Friedlander, and Thomas G.A. Brown, along with Trial Attorney Carol Sipperly of the Computer Crime and Intellectual Property Section of the Department of Justice on the Paunescu case, are in charge of the prosecution. The charges contained in the Indictments are merely accusations, and the defendants are presumed innocent unless and until proven guilty.

| Defendant | Age and Residence | Charges | Maximum Penalty |
|---|---|---|---|
| Nikita Kuzmin | 25; Moscow, Russia | Conspiracy to commit bank fraud; bank fraud; conspiracy to commit access device fraud; access device fraud; conspiracy to commit computer intrusion; computer intrusion | 95 years in prison |
| Deniss Calovskis | 27; Riga, Latvia | Conspiracy to commit bank fraud; conspiracy to commit access device fraud; conspiracy to commit computer intrusion; conspiracy to commit wire fraud; conspiracy to commit aggravated identity theft | 67 years in prison |
| Mihai Ionut Paunescu | 28; Bucharest, Romania | Conspiracy to commit computer intrusion; conspiracy to commit bank fraud; conspiracy to commit wire fraud | 60 years in prison |


Brief About Gozi:-
The Gozi virus is malicious computer code, or “malware,” that steals personal bank account information, including usernames and passwords, from the users of affected computers. It was named by private sector information security experts in the U.S. who, in 2007, discovered that previously unrecognized malware was stealing personal bank account information from computers across Europe on a vast scale, while remaining virtually undetectable in the computers it infected. To date, the Gozi virus has infected over one million victim computers worldwide, among them at least 40,000 computers in the U.S., including computers belonging to the National Aeronautics and Space Administration (NASA), as well as computers in Germany, Great Britain, Poland, France, Finland, Italy, Turkey, and elsewhere, and it has caused tens of millions of dollars in losses to the individuals, businesses, and government entities whose computers were infected.

The Gozi virus was distributed to victims’ computers in several different ways. In one method, the virus was disguised as an apparently benign .pdf document which, when opened, secretly installed the Gozi virus on the victim’s computer. Once installed, the Gozi virus—which was intentionally designed to be undetectable by anti-virus software—collected data from the infected computer in order to capture personal bank account information including usernames and passwords. That data was then transmitted to various computer servers controlled by the cyber criminals who used the Gozi virus. These cyber criminals then used the personal bank account information to transfer funds out of the victims’ bank accounts and ultimately into their own personal possession.



Ransomware Found on Hacked GoDaddy Sites, Infecting Thousands of Users


Users who host their websites with GoDaddy have again fallen victim to a cyber attack. A researcher at SophosLabs reported that cyber criminals managed to hack the DNS records of GoDaddy-hosted websites and thereby infected a large number of GoDaddy users with ransomware. Fraser Howard, a Principal Virus Researcher at SophosLabs, stated that the hackers behind these attacks are “exploiting DNS by hacking the DNS records of sites, adding one or more additional subdomains with corresponding DNS entries (A records) referencing malicious IP addresses. The legitimate hostname resolves to the legitimate IP address, but the added sub-domains resolve to rogue servers.” By doing so, the criminals are able to set up URLs that seem legitimate, potentially sneaking through security filtering systems and duping Internet surfers into believing they are harmless, he explained in a Friday blog entry. In some instances, multiple subdomains were added to each user’s account, with each of them redirecting viewers to at least one malicious IP address.
Go Daddy customers who wish to check they have not been affected by these attacks should check their DNS configuration according to the Go Daddy support page. 
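
One way to run the check described above on your own zone, as an added example that is not part of the original post or of Go Daddy's tooling: it compares an exported list of A records against a known-good baseline and flags added subdomains and addresses outside your hosting range. The zone data, the `example.com` names and the `APPROVED_NETS` range are constructed assumptions.

```python
import ipaddress

# Constructed sample data: a known-good baseline and a current zone export,
# using documentation-only names and addresses (example.com, RFC 5737 ranges).
BASELINE = """\
example.com.      3600 IN A 192.0.2.10
www.example.com.  3600 IN A 192.0.2.10
mail.example.com. 3600 IN A 192.0.2.25
"""
CURRENT = """\
example.com.      3600 IN A 192.0.2.10
www.example.com.  3600 IN A 192.0.2.10
mail.example.com. 3600 IN A 192.0.2.25
img7.example.com. 300  IN A 203.0.113.66
cdn.example.com.  300  IN A 203.0.113.66
"""
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # assumed hosting range


def parse_a_records(zone_text):
    """Return {hostname: set of IPv4 addresses} for the A records in zone_text."""
    records = {}
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 5 or fields[2].upper() != "IN" or fields[3].upper() != "A":
            continue  # not a "name ttl IN A address" line
        name = fields[0].lower().rstrip(".")
        records.setdefault(name, set()).add(ipaddress.ip_address(fields[4]))
    return records


def audit(baseline_text, current_text, approved_nets):
    """List (hostname, address, reasons) for every A record that is new,
    changed from the baseline, or outside the approved networks."""
    baseline = parse_a_records(baseline_text)
    current = parse_a_records(current_text)
    findings = []
    for name in sorted(current):
        for addr in sorted(current[name]):
            reasons = []
            if name not in baseline:
                reasons.append("hostname not in baseline")
            elif addr not in baseline[name]:
                reasons.append("address changed from baseline")
            if not any(addr in net for net in approved_nets):
                reasons.append("address outside approved networks")
            if reasons:
                findings.append((name, str(addr), reasons))
    return findings


if __name__ == "__main__":
    for name, addr, reasons in audit(BASELINE, CURRENT, APPROVED_NETS):
        print(f"{name} -> {addr}: {', '.join(reasons)}")
```

The legitimate hostnames pass untouched, which matches the pattern in the report: only the added subdomains point at foreign addresses.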

As soon as the attack was spotted in the wild, GoDaddy released the statement included below:

"Go Daddy has detected a very small number of accounts have malicious DNS entries placed on their domain names. We have been identifying affected customers and reversing the malicious entries as we find them. Also, we're expiring the passwords of affected customers so the threat actors cannot continue to use the accounts to spread malware.
We suspect that the affected customers have been phished or their home machines have been affected by Cool Exploit as we have confirmed that this is not a vulnerability in the My Account or DNS management systems.
Go Daddy highly recommends that US- and Canada-based customers enable 2-Step Authentication to help protect their accounts. Details on how to set up this feature are located at http://support.godaddy.com/help/article/7502/enabling-twostep-authentication.
If a customer suspects their account may have an issue, we encourage them to contact Go Daddy Customer Care or fill out the form at the following link: https://support.godaddy.com/support/?section=support. "


Speaking of GoDaddy and cyber attacks, we would like to remind you that this may not have been the first hacking attempt against Go Daddy this fall. A couple of months ago, a hacker from Anonymous claimed to have taken down the domain registry and web hosting company. However, one day after the attack, Go Daddy denied they had been targeted by cyber criminals. In September last year, several GoDaddy sites were compromised; there, too, the cause was malware.





USA Accused For Planting "Flame" Malware to Hack France President's Network


A well-known French newspaper, "L'Express", has accused the United States of using the dangerous cyber weapon "Flame" to break into the computer networks inside France’s presidential palace, also known as the Elysee. In its report, L'Express has published details of what it claims was a sophisticated state-sponsored hack into the offices of the French presidency earlier this year with the intention of stealing data. According to the newspaper, the malware attack took place in May 2012, shortly before the second round of presidential elections in France, but has been kept secret until now. The newspaper alleges that the attackers found their targets on Facebook, identifying people working inside the presidential palace and connecting with them on the social network. The social engineering laid the groundwork for the next phase of the attack; the victims were then sent links to a fake Elysee intranet page where their login credentials were stolen. Workers at the Élysée Palace are said to have been befriended on Facebook by hackers, who then sent their victims a link to what purported to be a login page for the Élysée intranet site. In this way, it's claimed, login credentials were stolen. It is alleged that malware was then installed on the network, infecting computers belonging to senior political advisors, including Xavier Musca, Secretary-General of Nicolas Sarkozy's office. The United States Embassy in Paris has denied any involvement in hacking its ally. “We categorically refute allegations of unidentified sources,” Mitchell Moss, Embassy spokesman, told l’Express. “France is one of our best allies. Our cooperation is remarkable in the areas of intelligence, law enforcement and cyber defense. It has never been so good and remains essential to achieve our common fight against extremist threat.” The Secretary of the Department of Homeland Security, Janet Napolitano, however, did not deny that the U.S. was involved.
She told l’Express: “We have no greater partner than France, we have no greater ally than France. We cooperate in many security-related areas. I am here to further reinforce those ties and create new ones.”

Speaking of Flame, we would like to remind you that after the 'Duqu' episode, in the middle of this year, the Iranian Computer Emergency Response Team (MAHER) claimed to have discovered a new targeted Stuxnet attacking the country's internal systems. This newly found Stuxnet has been dubbed Flame (also known as Flamer or Skywiper). Flame, the next-generation cyber weapon also known as 'The Super Spy', has already fascinated the cyber-security industry with its sophistication and versatility as a Swiss Army knife of cyber-spying. Later it was spotted in the wild when software giant Microsoft confirmed that its Windows Server Update Services (WSUS) and Windows Update (WU) had been infected by the Flame malware. The name 'Flame' has also been prominent in many other fields.


-Source (NS & threatpost)








McAfee Reveals Emma Watson as 2012’s Most Dangerous Cyber Celebrity & For India It's Sunny Leone


In its research, security software company McAfee has identified Sunny Leone as the most dangerous celebrity in the Indian cyber space for this year, followed by Katrina Kaif and Kareena Kapoor. For the sixth year in a row, McAfee researched popular culture’s most famous people to identify the riskiest celebrity sportsmen, actors and politicians across the Web for the 2012 rendition of its ‘Most Dangerous Celebrity’ research. In the India ranking this year, Sunny Leone displaced Katrina Kaif, who owned this title in the 2011 edition of this annual research. Lubna Markar, Sr. Marketing Manager India and South Asia, McAfee, said, “Cyber criminals continue to leverage top celebrities to lure people to websites with malicious software. This year too, we saw cyber crooks leveraging Bollywood stars whereby the maximum number of malicious software laden sites pertained to Sunny Leone. This testifies her top position as the most dangerous celebrity in Indian cyberspace in 2012.”
The study for ‘Most Dangerous Celebrity’ used the McAfee SiteAdvisor site rating, which indicates the sites that are risky to search for celebrity names on the Web and calculates an overall risk percentage. The top 10 celebrities in India from this year’s study with the highest risk percentages are:

  1. Sunny Leone: This sexy Canadian model/actress who made headlines with her presence in the celebrity reality show BigBoss, ranks first with 9.95% chances of luring people into clicking on malicious links.
  2. Katrina Kaif: India’s ‘chikni chameli’ was the most dangerous Indian celebrity of 2011, but has slipped down to the 2nd position this year with a risk percentile of 8.25%.
  3. Kareena Kapoor: The 3rd Most Dangerous Celebrity and winner of six film fare awards has a 6.67% possibility of making users fall into a trap of malware laden Web sites.
  4. Priyanka Chopra: This former Miss World who has been the reigning queen of Bollywood occupies the 4th position on the Most Dangerous Celebrities list with a risk percentile of 6.5%.
  5. Bipasha Basu: With Raaz 3, this Bengali bombshell has moved up the ranking from 8th in 2011 to the 5th position in 2012. She has a 5.58% percentile of leading users to a malicious site.
  6. Vidya Balan: After her ‘Dirty Picture’, Vidya Balan has a 5.33 % chance of leading users to malicious sites. The versatile Indian actress has marked her presence even in the cyber space.
  7. Deepika Padukone: This sultry actress of ‘Cocktail’ fame, was the 2nd most dangerous celebrity in the year 2011, but has plummeted to 7th position this year, with a 4.92% chance of being led to a malicious Web site.
  8. Salman Khan: One of the most sought after stars in Bollywood, Salman Khan has redefined the trends of the Hindi film industry with his roles in movies such as Dabangg and Ek Tha Tiger. With a risk percentile of 4.83%, he is on the eighth position in our Most Dangerous Celebrities ranking.
  9. Aishwarya Rai Bachchan: Touted as ‘the most beautiful woman in the world’, Aishwarya Rai Bachchan, is the ninth most dangerous celebrity in India with a risk percentile of 4.58%.
  10. Poonam Pandey: The Kingfisher calendar girl who was also amongst the top 8 contestants in ‘Gladrags 2010′, has a risk percentile of 4.25% and is the tenth most dangerous celebrity.


If you go through McAfee's 2012 Most Dangerous Cyber Celebrity report, you will learn that Emma Watson has replaced Heidi Klum as McAfee's 2012 most dangerous celebrity to search for online. For the sixth time in a row, McAfee researched popular culture’s most famous people to reveal the riskiest Hollywood actors, athletes, musicians, politicians, designers, and comedians on the Web. The McAfee Most Dangerous Celebrities™ study found that women are more dangerous than men, with Jessica Biel taking the number two spot and Eva Mendes coming in third. Latina women have proven that they are on fire and make up five of the top ten spots. After Mendes, Selena Gomez, Shakira and Salma Hayek take the fourth, seventh and ninth spots, and Sofia Vergara rounds out the top 10 list. Funnyman Jimmy Kimmel is the only male to make the top 20 list this year.

The top 10 celebrities from this year’s study with the highest percentages of risk are:-

  1. Emma Watson – Best known for her role as Hermione Granger in the “Harry Potter” franchise, the British actress tops the list as the 2012 Most Dangerous Celebrity. Watson continues to star in feature films including “My Week with Marilyn” and “The Perks of Being a Wallflower” and is an ambassador for Lancôme.
  2. Jessica Biel – The 2009 Most Dangerous Celebrity rose two spots this year from coming in at number 4 in 2011. Biel continues to be in the spotlight with fiancée Justin Timberlake and her role in 2012’s “Total Recall.”
  3. Eva Mendes – A new addition to the list, Mendes has starred in films including “2 Fast 2 Furious” and “Hitch.” She is currently in the news for her fling with Ryan Gosling.
  4. Selena Gomez – The tween musician and actress is best known for her role as Alex Russo on Disney’s “Wizards of Waverly Place” and for dating teen heartthrob Justin Bieber. She has been cast in the upcoming film “Parental Guidance Suggested” and was recently named one of Forbes’ Top 10 Best Social Media Superstars.
  5. Halle Berry – The Academy Award winning actress is famous for her stand out roles in action and horror films including “Catwoman” and “Gothika”. Berry is in the spotlight for her custody battle with baby daddy Gabriel Aubry.
  6. Megan Fox – The sexy actress rose 9 spots compared to her number 15 spot last year. She is currently in the news for her pregnancy with husband Brian Austin Green and will be seen in the upcoming film “This is 40”.
  7. Shakira – The belly-dancing singer/songwriter best known for her songs “Hips Don’t Lie” and “Whenever, Wherever” comes in at number 7. She was recently named one of Forbes’ World’s Most Powerful Women and was ranked number 6 on Forbes’ Top 10 Best Social Media Superstars.
  8. Cameron Diaz – 2010’s Most Dangerous Celebrity fell to eighth place, with searches resulting in slightly fewer risky sites this year. She was most recently in the spotlight for allegedly dating Alex Rodriguez. She is rumored to star in “Expendables 3.”
  9. Salma Hayek – The actress, producer and director received an Academy Award for her role as Frida Kahlo in “Frida” and recently starred in “Savages.” She is currently in the news for her controversial remarks about her Mexican heritage in a Vogue interview. She is married to billionaire François-Henri Pinault.
  10. Sofia Vergara – The Colombian actress and model best known for her comedic role as Gloria Delgado-Pritchett on ABC’s Emmy Award winning “Modern Family” rounds out the top 10 list. She also starred in “The Three Stooges” film this year and was recently named one of Forbes’ World’s Most Powerful Women and highest paid TV actress. She recently announced her engagement to businessman Nick Loeb.




SOPA Returns! Not From Congress But As a Ransomware Virus


Last month in a report we said that "SOPA & PIPA are dead, they're not coming back". Former Senator Christopher Dodd, now chairman of the Motion Picture Association of America, said the Stop Online Piracy Act and Protect IP Act aren’t going to be floated again in Congress. Now it seems that he was not fully right: the Stop Online Piracy Act, also known as SOPA, the most controversial act, which terrified almost everyone associated with the Internet, is still chasing us. The bill was defeated after massive protest, yet SOPA is not leaving us. I know it's tragic news, but don't panic: this time SOPA is not coming back from Congress as an act but as a nasty cryptovirus that locks up people’s computers and accuses them of distributing copyright infringing files. Infected users can get their data back after a payment of $200 – at least, that’s what the virus makers promise. Several researchers have identified and are warning about new ransomware that claims to be an alert from the "Stop Online Piracy Automatic Protection System." It goes on to tell you that your computer is on a "S.O.P.A. IP Black List" because it was used to download copyright infringing materials, child pornography or illegal software. The malware encrypts all of your data files and holds them hostage, offering to decrypt them if you pay a fee to the criminals. According to a report by TorrentFreak, the SOPA virus holds all files on the host computer for ransom.
“Your computer is locked!” the splash screen above warns, adding:
If you see a warning.txt or warning screen, it means your IP address was included in S.O.P.A. Black List. One or more of the following items were made from your PC:

1. Downloading or distributing audio or video files protected by Copyright Law.
2. Downloading or distributing illegal content (child porn, phishing software, etc.)
3. Downloading or distributing Software protected by Copyright Law.

As a result of these infringements based on Stop Online Piracy Act (H.R. 3261) your PC and files are now blocked.
The SOPA virus is so-called ransomware, meaning that it holds computers hostage and only promises to free data after victims hand over cash. In the U.S. and Canada people are instructed to pay with a MoneyPak prepaid voucher, and in other parts of the world they can use Western Union. Those who don’t pay within three days are in trouble, the virus maker warns. “WARNING!!!: If you don’t pay the fine within 72 HOURS at the amount of 200 USD, all your computer data will be erased.”
People who are affected should of course ignore all the above. Searching online for “Stop Online Piracy Automatic Protection System Removal” is a better option; there are plenty of ways to defeat the resurrected SOPA and get your data back.


